Lucene search

[email protected]NVD:CVE-2019-1842

HistoryJun 05, 2019 - 5:29 p.m.

CVE-2019-1842

2019-06-0517:29:00

CWE-285

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.

Affected configurations

Nvd

Node

ciscoios_xr_firmwareMatch6.1.2.tools

ciscoios_xr_firmwareMatch6.1.3.tools

ciscoios_xr_firmwareMatch6.2.3.tools

ciscoios_xr_firmwareMatch6.4.2.tools

AND

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9901Match-

ciscoasr_9904Match-

ciscoasr_9906Match-

ciscoasr_9910Match-

ciscoasr_9912Match-

ciscoasr_9922Match-

ciscocrs-1_16-slot_line_card_chassisMatch-

ciscocrs-1_16-slot_single-shelf_systemMatch-

ciscocrs-1_4-slot_single-shelf_systemMatch-

ciscocrs-1_8-slot_line_card_chassisMatch-

ciscocrs-1_8-slot_single-shelf_systemMatch-

ciscocrs-1_fabric_card_chassisMatch-

ciscocrs-1_line_card_chassis_\(dual\)Match-

ciscocrs-1_line_card_chassis_\(multi\)Match-

ciscocrs-1_multishelf_systemMatch-

ciscocrs-3_16-slot_single-shelf_systemMatch-

ciscocrs-3_4-slot_single-shelf_systemMatch-

ciscocrs-3_8-slot_single-shelf_systemMatch-

ciscocrs-3_multishelf_systemMatch-

ciscocrs-8\/s-b_crsMatch-

ciscocrs-8\/scrsMatch-

ciscocrs-x_16-slot_single-shelf_systemMatch-

ciscocrs-x_multishelf_systemMatch-

cisconcs_6008-8-slot_chassisMatch-

cisconetwork_convergence_system_5508Match-

VendorProductVersionCPE
ciscoios_xr_firmware6.1.2.toolscpe:2.3:o:cisco:ios_xr_firmware:6.1.2.tools:*:*:*:*:*:*:*
ciscoios_xr_firmware6.1.3.toolscpe:2.3:o:cisco:ios_xr_firmware:6.1.3.tools:*:*:*:*:*:*:*
ciscoios_xr_firmware6.2.3.toolscpe:2.3:o:cisco:ios_xr_firmware:6.2.3.tools:*:*:*:*:*:*:*
ciscoios_xr_firmware6.4.2.toolscpe:2.3:o:cisco:ios_xr_firmware:6.4.2.tools:*:*:*:*:*:*:*
ciscoasr_9001-cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
ciscoasr_9006-cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
ciscoasr_9010-cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
ciscoasr_9901-cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*
ciscoasr_9904-cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
ciscoasr_9906-cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xr_firmware	6.1.2.tools	cpe:2.3:o:cisco:ios_xr_firmware:6.1.2.tools:::::::*
cisco	ios_xr_firmware	6.1.3.tools	cpe:2.3:o:cisco:ios_xr_firmware:6.1.3.tools:::::::*
cisco	ios_xr_firmware	6.2.3.tools	cpe:2.3:o:cisco:ios_xr_firmware:6.2.3.tools:::::::*
cisco	ios_xr_firmware	6.4.2.tools	cpe:2.3:o:cisco:ios_xr_firmware:6.4.2.tools:::::::*
cisco	asr_9001	-	cpe:2.3:h:cisco:asr_9001:-:::::::*
cisco	asr_9006	-	cpe:2.3:h:cisco:asr_9006:-:::::::*
cisco	asr_9010	-	cpe:2.3:h:cisco:asr_9010:-:::::::*
cisco	asr_9901	-	cpe:2.3:h:cisco:asr_9901:-:::::::*
cisco	asr_9904	-	cpe:2.3:h:cisco:asr_9904:-:::::::*
cisco	asr_9906	-	cpe:2.3:h:cisco:asr_9906:-:::::::*

Rows per page:

1-10 of 321

References

www.securityfocus.com/bid/108687

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-iosxr-ssh

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

Related for NVD:CVE-2019-1842

cisco1 cve1 nessus1 prion1 cvelist1 threatpost1 fedora9