All the vulnerabilites related to Cisco - Cisco IOS and IOS XE Software
cve-2019-1761
Vulnerability from cvelistv5
Published
2019-03-28 00:25
Modified
2024-11-21 19:41
Severity ?
EPSS score ?
Summary
A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/107620 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 3.2.0SG Version: 3.2.1SG Version: 3.2.2SG Version: 3.2.3SG Version: 3.2.4SG Version: 3.2.5SG Version: 3.2.6SG Version: 3.2.7SG Version: 3.2.8SG Version: 3.2.9SG Version: 3.2.10SG Version: 3.2.11SG Version: 3.7.0S Version: 3.7.1S Version: 3.7.2S Version: 3.7.3S Version: 3.7.4S Version: 3.7.5S Version: 3.7.6S Version: 3.7.7S Version: 3.7.8S Version: 3.7.4aS Version: 3.7.2tS Version: 3.7.0bS Version: 3.7.1aS Version: 3.3.0SG Version: 3.3.2SG Version: 3.3.1SG Version: 3.8.0S Version: 3.8.1S Version: 3.8.2S Version: 3.9.1S Version: 3.9.0S Version: 3.9.2S Version: 3.9.1aS Version: 3.9.0aS Version: 3.2.0SE Version: 3.2.1SE Version: 3.2.2SE Version: 3.2.3SE Version: 3.3.0SE Version: 3.3.1SE Version: 3.3.2SE Version: 3.3.3SE Version: 3.3.4SE Version: 3.3.5SE Version: 3.3.0XO Version: 3.3.1XO Version: 3.3.2XO Version: 3.4.0SG Version: 3.4.2SG Version: 3.4.1SG Version: 3.4.3SG Version: 3.4.4SG Version: 3.4.5SG Version: 3.4.6SG Version: 3.4.7SG Version: 3.4.8SG Version: 3.5.0E Version: 3.5.1E Version: 3.5.2E Version: 3.5.3E Version: 3.10.0S Version: 3.10.1S Version: 3.10.2S Version: 3.10.3S Version: 3.10.4S Version: 3.10.5S Version: 3.10.6S Version: 3.10.2aS Version: 3.10.2tS Version: 3.10.7S Version: 3.10.8S Version: 3.10.8aS Version: 3.10.9S Version: 3.10.10S Version: 3.11.1S Version: 3.11.2S Version: 3.11.0S Version: 3.11.3S Version: 3.11.4S Version: 3.12.0S Version: 3.12.1S Version: 3.12.2S Version: 3.12.3S Version: 3.12.0aS Version: 3.12.4S Version: 3.13.0S Version: 3.13.1S Version: 3.13.2S Version: 3.13.3S Version: 3.13.4S Version: 3.13.5S Version: 3.13.2aS Version: 3.13.0aS Version: 3.13.5aS Version: 3.13.6S Version: 3.13.7S Version: 3.13.6aS Version: 3.13.6bS Version: 3.13.7aS Version: 3.13.8S Version: 3.13.9S Version: 3.13.10S Version: 3.6.0E Version: 3.6.1E Version: 3.6.0aE Version: 3.6.0bE Version: 3.6.2aE Version: 3.6.2E Version: 3.6.3E Version: 3.6.4E Version: 3.6.5E Version: 3.6.6E Version: 3.6.5aE Version: 3.6.5bE Version: 3.6.7E Version: 3.6.8E Version: 3.6.7aE Version: 3.6.7bE Version: 3.6.9E Version: 3.6.9aE Version: 3.14.0S Version: 3.14.1S Version: 3.14.2S Version: 3.14.3S Version: 3.14.4S Version: 3.15.0S Version: 3.15.1S Version: 3.15.2S Version: 3.15.1cS Version: 3.15.3S Version: 3.15.4S Version: 3.3.0SQ Version: 3.3.1SQ Version: 3.4.0SQ Version: 3.4.1SQ Version: 3.7.0E Version: 3.7.1E Version: 3.7.2E Version: 3.7.3E Version: 3.7.4E Version: 3.7.5E Version: 3.5.0SQ Version: 3.5.1SQ Version: 3.5.2SQ Version: 3.5.3SQ Version: 3.5.4SQ Version: 3.5.5SQ Version: 3.5.6SQ Version: 3.5.7SQ Version: 3.5.8SQ Version: 3.16.0S Version: 3.16.1S Version: 3.16.0aS Version: 3.16.1aS Version: 3.16.2S Version: 3.16.2aS Version: 3.16.0bS Version: 3.16.0cS Version: 3.16.3S Version: 3.16.2bS Version: 3.16.3aS Version: 3.16.4S Version: 3.16.4aS Version: 3.16.4bS Version: 3.16.4gS Version: 3.16.5S Version: 3.16.4cS Version: 3.16.4dS Version: 3.16.4eS Version: 3.16.6S Version: 3.16.5aS Version: 3.16.5bS Version: 3.16.7S Version: 3.16.6bS Version: 3.16.7aS Version: 3.16.7bS Version: 3.16.8S Version: 3.17.0S Version: 3.17.1S Version: 3.17.2S Version: 3.17.1aS Version: 3.17.3S Version: 3.17.4S Version: 16.1.1 Version: 16.1.2 Version: 16.1.3 Version: 3.2.0JA Version: 16.2.1 Version: 16.2.2 Version: 3.8.0E Version: 3.8.1E Version: 3.8.2E Version: 3.8.3E Version: 3.8.4E Version: 3.8.5E Version: 3.8.5aE Version: 3.8.6E Version: 3.8.7E Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.5b Version: 16.3.6 Version: 16.3.7 Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1a Version: 16.5.1b Version: 16.5.2 Version: 16.5.3 Version: 3.18.0aS Version: 3.18.0S Version: 3.18.1S Version: 3.18.2S Version: 3.18.3S Version: 3.18.4S Version: 3.18.0SP Version: 3.18.1SP Version: 3.18.1aSP Version: 3.18.1gSP Version: 3.18.1bSP Version: 3.18.1cSP Version: 3.18.2SP Version: 3.18.1hSP Version: 3.18.2aSP Version: 3.18.1iSP Version: 3.18.3SP Version: 3.18.4SP Version: 3.18.3aSP Version: 3.18.3bSP Version: 3.18.5SP Version: 3.9.0E Version: 3.9.1E Version: 3.9.2E Version: 3.9.2bE Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.6.4 Version: 16.6.4s Version: 16.6.4a Version: 16.7.1 Version: 16.7.1a Version: 16.7.1b Version: 16.7.2 Version: 16.8.1 Version: 16.8.1a Version: 16.8.1b Version: 16.8.1s Version: 16.8.1c Version: 16.8.1d Version: 16.8.2 Version: 16.8.1e Version: 16.9.1 Version: 16.9.1a Version: 16.9.1b Version: 16.9.1s Version: 16.9.1c Version: 16.9.1d Version: 3.10.0E Version: 3.10.1E Version: 3.10.0cE Version: 3.10.2E Version: 3.10.1aE Version: 3.10.1sE |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak"
},
{
"name": "107620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107620"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:59:47.091418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:41:22.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0SG"
},
{
"status": "affected",
"version": "3.2.1SG"
},
{
"status": "affected",
"version": "3.2.2SG"
},
{
"status": "affected",
"version": "3.2.3SG"
},
{
"status": "affected",
"version": "3.2.4SG"
},
{
"status": "affected",
"version": "3.2.5SG"
},
{
"status": "affected",
"version": "3.2.6SG"
},
{
"status": "affected",
"version": "3.2.7SG"
},
{
"status": "affected",
"version": "3.2.8SG"
},
{
"status": "affected",
"version": "3.2.9SG"
},
{
"status": "affected",
"version": "3.2.10SG"
},
{
"status": "affected",
"version": "3.2.11SG"
},
{
"status": "affected",
"version": "3.7.0S"
},
{
"status": "affected",
"version": "3.7.1S"
},
{
"status": "affected",
"version": "3.7.2S"
},
{
"status": "affected",
"version": "3.7.3S"
},
{
"status": "affected",
"version": "3.7.4S"
},
{
"status": "affected",
"version": "3.7.5S"
},
{
"status": "affected",
"version": "3.7.6S"
},
{
"status": "affected",
"version": "3.7.7S"
},
{
"status": "affected",
"version": "3.7.8S"
},
{
"status": "affected",
"version": "3.7.4aS"
},
{
"status": "affected",
"version": "3.7.2tS"
},
{
"status": "affected",
"version": "3.7.0bS"
},
{
"status": "affected",
"version": "3.7.1aS"
},
{
"status": "affected",
"version": "3.3.0SG"
},
{
"status": "affected",
"version": "3.3.2SG"
},
{
"status": "affected",
"version": "3.3.1SG"
},
{
"status": "affected",
"version": "3.8.0S"
},
{
"status": "affected",
"version": "3.8.1S"
},
{
"status": "affected",
"version": "3.8.2S"
},
{
"status": "affected",
"version": "3.9.1S"
},
{
"status": "affected",
"version": "3.9.0S"
},
{
"status": "affected",
"version": "3.9.2S"
},
{
"status": "affected",
"version": "3.9.1aS"
},
{
"status": "affected",
"version": "3.9.0aS"
},
{
"status": "affected",
"version": "3.2.0SE"
},
{
"status": "affected",
"version": "3.2.1SE"
},
{
"status": "affected",
"version": "3.2.2SE"
},
{
"status": "affected",
"version": "3.2.3SE"
},
{
"status": "affected",
"version": "3.3.0SE"
},
{
"status": "affected",
"version": "3.3.1SE"
},
{
"status": "affected",
"version": "3.3.2SE"
},
{
"status": "affected",
"version": "3.3.3SE"
},
{
"status": "affected",
"version": "3.3.4SE"
},
{
"status": "affected",
"version": "3.3.5SE"
},
{
"status": "affected",
"version": "3.3.0XO"
},
{
"status": "affected",
"version": "3.3.1XO"
},
{
"status": "affected",
"version": "3.3.2XO"
},
{
"status": "affected",
"version": "3.4.0SG"
},
{
"status": "affected",
"version": "3.4.2SG"
},
{
"status": "affected",
"version": "3.4.1SG"
},
{
"status": "affected",
"version": "3.4.3SG"
},
{
"status": "affected",
"version": "3.4.4SG"
},
{
"status": "affected",
"version": "3.4.5SG"
},
{
"status": "affected",
"version": "3.4.6SG"
},
{
"status": "affected",
"version": "3.4.7SG"
},
{
"status": "affected",
"version": "3.4.8SG"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.10.0S"
},
{
"status": "affected",
"version": "3.10.1S"
},
{
"status": "affected",
"version": "3.10.2S"
},
{
"status": "affected",
"version": "3.10.3S"
},
{
"status": "affected",
"version": "3.10.4S"
},
{
"status": "affected",
"version": "3.10.5S"
},
{
"status": "affected",
"version": "3.10.6S"
},
{
"status": "affected",
"version": "3.10.2aS"
},
{
"status": "affected",
"version": "3.10.2tS"
},
{
"status": "affected",
"version": "3.10.7S"
},
{
"status": "affected",
"version": "3.10.8S"
},
{
"status": "affected",
"version": "3.10.8aS"
},
{
"status": "affected",
"version": "3.10.9S"
},
{
"status": "affected",
"version": "3.10.10S"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.6bS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.0aE"
},
{
"status": "affected",
"version": "3.6.0bE"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7aE"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.9aE"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.3.0SQ"
},
{
"status": "affected",
"version": "3.3.1SQ"
},
{
"status": "affected",
"version": "3.4.0SQ"
},
{
"status": "affected",
"version": "3.4.1SQ"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.5.0SQ"
},
{
"status": "affected",
"version": "3.5.1SQ"
},
{
"status": "affected",
"version": "3.5.2SQ"
},
{
"status": "affected",
"version": "3.5.3SQ"
},
{
"status": "affected",
"version": "3.5.4SQ"
},
{
"status": "affected",
"version": "3.5.5SQ"
},
{
"status": "affected",
"version": "3.5.6SQ"
},
{
"status": "affected",
"version": "3.5.7SQ"
},
{
"status": "affected",
"version": "3.5.8SQ"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.0aS"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0bS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.4gS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4cS"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.4eS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.5aS"
},
{
"status": "affected",
"version": "3.16.5bS"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.1.1"
},
{
"status": "affected",
"version": "16.1.2"
},
{
"status": "affected",
"version": "16.1.3"
},
{
"status": "affected",
"version": "3.2.0JA"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.5b"
},
{
"status": "affected",
"version": "16.3.6"
},
{
"status": "affected",
"version": "16.3.7"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "16.5.3"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1gSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.1hSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.1iSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "3.9.2bE"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.4s"
},
{
"status": "affected",
"version": "16.6.4a"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.1e"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.1a"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.1c"
},
{
"status": "affected",
"version": "16.9.1d"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.2E"
},
{
"status": "affected",
"version": "3.10.1aE"
},
{
"status": "affected",
"version": "3.10.1sE"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T08:06:05",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak"
},
{
"name": "107620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107620"
}
],
"source": {
"advisory": "cisco-sa-20190327-ios-infoleak",
"defect": [
[
"CSCvj98575"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1761",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.2.0SG"
},
{
"version_affected": "=",
"version_value": "3.2.1SG"
},
{
"version_affected": "=",
"version_value": "3.2.2SG"
},
{
"version_affected": "=",
"version_value": "3.2.3SG"
},
{
"version_affected": "=",
"version_value": "3.2.4SG"
},
{
"version_affected": "=",
"version_value": "3.2.5SG"
},
{
"version_affected": "=",
"version_value": "3.2.6SG"
},
{
"version_affected": "=",
"version_value": "3.2.7SG"
},
{
"version_affected": "=",
"version_value": "3.2.8SG"
},
{
"version_affected": "=",
"version_value": "3.2.9SG"
},
{
"version_affected": "=",
"version_value": "3.2.10SG"
},
{
"version_affected": "=",
"version_value": "3.2.11SG"
},
{
"version_affected": "=",
"version_value": "3.7.0S"
},
{
"version_affected": "=",
"version_value": "3.7.1S"
},
{
"version_affected": "=",
"version_value": "3.7.2S"
},
{
"version_affected": "=",
"version_value": "3.7.3S"
},
{
"version_affected": "=",
"version_value": "3.7.4S"
},
{
"version_affected": "=",
"version_value": "3.7.5S"
},
{
"version_affected": "=",
"version_value": "3.7.6S"
},
{
"version_affected": "=",
"version_value": "3.7.7S"
},
{
"version_affected": "=",
"version_value": "3.7.8S"
},
{
"version_affected": "=",
"version_value": "3.7.4aS"
},
{
"version_affected": "=",
"version_value": "3.7.2tS"
},
{
"version_affected": "=",
"version_value": "3.7.0bS"
},
{
"version_affected": "=",
"version_value": "3.7.1aS"
},
{
"version_affected": "=",
"version_value": "3.3.0SG"
},
{
"version_affected": "=",
"version_value": "3.3.2SG"
},
{
"version_affected": "=",
"version_value": "3.3.1SG"
},
{
"version_affected": "=",
"version_value": "3.8.0S"
},
{
"version_affected": "=",
"version_value": "3.8.1S"
},
{
"version_affected": "=",
"version_value": "3.8.2S"
},
{
"version_affected": "=",
"version_value": "3.9.1S"
},
{
"version_affected": "=",
"version_value": "3.9.0S"
},
{
"version_affected": "=",
"version_value": "3.9.2S"
},
{
"version_affected": "=",
"version_value": "3.9.1aS"
},
{
"version_affected": "=",
"version_value": "3.9.0aS"
},
{
"version_affected": "=",
"version_value": "3.2.0SE"
},
{
"version_affected": "=",
"version_value": "3.2.1SE"
},
{
"version_affected": "=",
"version_value": "3.2.2SE"
},
{
"version_affected": "=",
"version_value": "3.2.3SE"
},
{
"version_affected": "=",
"version_value": "3.3.0SE"
},
{
"version_affected": "=",
"version_value": "3.3.1SE"
},
{
"version_affected": "=",
"version_value": "3.3.2SE"
},
{
"version_affected": "=",
"version_value": "3.3.3SE"
},
{
"version_affected": "=",
"version_value": "3.3.4SE"
},
{
"version_affected": "=",
"version_value": "3.3.5SE"
},
{
"version_affected": "=",
"version_value": "3.3.0XO"
},
{
"version_affected": "=",
"version_value": "3.3.1XO"
},
{
"version_affected": "=",
"version_value": "3.3.2XO"
},
{
"version_affected": "=",
"version_value": "3.4.0SG"
},
{
"version_affected": "=",
"version_value": "3.4.2SG"
},
{
"version_affected": "=",
"version_value": "3.4.1SG"
},
{
"version_affected": "=",
"version_value": "3.4.3SG"
},
{
"version_affected": "=",
"version_value": "3.4.4SG"
},
{
"version_affected": "=",
"version_value": "3.4.5SG"
},
{
"version_affected": "=",
"version_value": "3.4.6SG"
},
{
"version_affected": "=",
"version_value": "3.4.7SG"
},
{
"version_affected": "=",
"version_value": "3.4.8SG"
},
{
"version_affected": "=",
"version_value": "3.5.0E"
},
{
"version_affected": "=",
"version_value": "3.5.1E"
},
{
"version_affected": "=",
"version_value": "3.5.2E"
},
{
"version_affected": "=",
"version_value": "3.5.3E"
},
{
"version_affected": "=",
"version_value": "3.10.0S"
},
{
"version_affected": "=",
"version_value": "3.10.1S"
},
{
"version_affected": "=",
"version_value": "3.10.2S"
},
{
"version_affected": "=",
"version_value": "3.10.3S"
},
{
"version_affected": "=",
"version_value": "3.10.4S"
},
{
"version_affected": "=",
"version_value": "3.10.5S"
},
{
"version_affected": "=",
"version_value": "3.10.6S"
},
{
"version_affected": "=",
"version_value": "3.10.2aS"
},
{
"version_affected": "=",
"version_value": "3.10.2tS"
},
{
"version_affected": "=",
"version_value": "3.10.7S"
},
{
"version_affected": "=",
"version_value": "3.10.8S"
},
{
"version_affected": "=",
"version_value": "3.10.8aS"
},
{
"version_affected": "=",
"version_value": "3.10.9S"
},
{
"version_affected": "=",
"version_value": "3.10.10S"
},
{
"version_affected": "=",
"version_value": "3.11.1S"
},
{
"version_affected": "=",
"version_value": "3.11.2S"
},
{
"version_affected": "=",
"version_value": "3.11.0S"
},
{
"version_affected": "=",
"version_value": "3.11.3S"
},
{
"version_affected": "=",
"version_value": "3.11.4S"
},
{
"version_affected": "=",
"version_value": "3.12.0S"
},
{
"version_affected": "=",
"version_value": "3.12.1S"
},
{
"version_affected": "=",
"version_value": "3.12.2S"
},
{
"version_affected": "=",
"version_value": "3.12.3S"
},
{
"version_affected": "=",
"version_value": "3.12.0aS"
},
{
"version_affected": "=",
"version_value": "3.12.4S"
},
{
"version_affected": "=",
"version_value": "3.13.0S"
},
{
"version_affected": "=",
"version_value": "3.13.1S"
},
{
"version_affected": "=",
"version_value": "3.13.2S"
},
{
"version_affected": "=",
"version_value": "3.13.3S"
},
{
"version_affected": "=",
"version_value": "3.13.4S"
},
{
"version_affected": "=",
"version_value": "3.13.5S"
},
{
"version_affected": "=",
"version_value": "3.13.2aS"
},
{
"version_affected": "=",
"version_value": "3.13.0aS"
},
{
"version_affected": "=",
"version_value": "3.13.5aS"
},
{
"version_affected": "=",
"version_value": "3.13.6S"
},
{
"version_affected": "=",
"version_value": "3.13.7S"
},
{
"version_affected": "=",
"version_value": "3.13.6aS"
},
{
"version_affected": "=",
"version_value": "3.13.6bS"
},
{
"version_affected": "=",
"version_value": "3.13.7aS"
},
{
"version_affected": "=",
"version_value": "3.13.8S"
},
{
"version_affected": "=",
"version_value": "3.13.9S"
},
{
"version_affected": "=",
"version_value": "3.13.10S"
},
{
"version_affected": "=",
"version_value": "3.6.0E"
},
{
"version_affected": "=",
"version_value": "3.6.1E"
},
{
"version_affected": "=",
"version_value": "3.6.0aE"
},
{
"version_affected": "=",
"version_value": "3.6.0bE"
},
{
"version_affected": "=",
"version_value": "3.6.2aE"
},
{
"version_affected": "=",
"version_value": "3.6.2E"
},
{
"version_affected": "=",
"version_value": "3.6.3E"
},
{
"version_affected": "=",
"version_value": "3.6.4E"
},
{
"version_affected": "=",
"version_value": "3.6.5E"
},
{
"version_affected": "=",
"version_value": "3.6.6E"
},
{
"version_affected": "=",
"version_value": "3.6.5aE"
},
{
"version_affected": "=",
"version_value": "3.6.5bE"
},
{
"version_affected": "=",
"version_value": "3.6.7E"
},
{
"version_affected": "=",
"version_value": "3.6.8E"
},
{
"version_affected": "=",
"version_value": "3.6.7aE"
},
{
"version_affected": "=",
"version_value": "3.6.7bE"
},
{
"version_affected": "=",
"version_value": "3.6.9E"
},
{
"version_affected": "=",
"version_value": "3.6.9aE"
},
{
"version_affected": "=",
"version_value": "3.14.0S"
},
{
"version_affected": "=",
"version_value": "3.14.1S"
},
{
"version_affected": "=",
"version_value": "3.14.2S"
},
{
"version_affected": "=",
"version_value": "3.14.3S"
},
{
"version_affected": "=",
"version_value": "3.14.4S"
},
{
"version_affected": "=",
"version_value": "3.15.0S"
},
{
"version_affected": "=",
"version_value": "3.15.1S"
},
{
"version_affected": "=",
"version_value": "3.15.2S"
},
{
"version_affected": "=",
"version_value": "3.15.1cS"
},
{
"version_affected": "=",
"version_value": "3.15.3S"
},
{
"version_affected": "=",
"version_value": "3.15.4S"
},
{
"version_affected": "=",
"version_value": "3.3.0SQ"
},
{
"version_affected": "=",
"version_value": "3.3.1SQ"
},
{
"version_affected": "=",
"version_value": "3.4.0SQ"
},
{
"version_affected": "=",
"version_value": "3.4.1SQ"
},
{
"version_affected": "=",
"version_value": "3.7.0E"
},
{
"version_affected": "=",
"version_value": "3.7.1E"
},
{
"version_affected": "=",
"version_value": "3.7.2E"
},
{
"version_affected": "=",
"version_value": "3.7.3E"
},
{
"version_affected": "=",
"version_value": "3.7.4E"
},
{
"version_affected": "=",
"version_value": "3.7.5E"
},
{
"version_affected": "=",
"version_value": "3.5.0SQ"
},
{
"version_affected": "=",
"version_value": "3.5.1SQ"
},
{
"version_affected": "=",
"version_value": "3.5.2SQ"
},
{
"version_affected": "=",
"version_value": "3.5.3SQ"
},
{
"version_affected": "=",
"version_value": "3.5.4SQ"
},
{
"version_affected": "=",
"version_value": "3.5.5SQ"
},
{
"version_affected": "=",
"version_value": "3.5.6SQ"
},
{
"version_affected": "=",
"version_value": "3.5.7SQ"
},
{
"version_affected": "=",
"version_value": "3.5.8SQ"
},
{
"version_affected": "=",
"version_value": "3.16.0S"
},
{
"version_affected": "=",
"version_value": "3.16.1S"
},
{
"version_affected": "=",
"version_value": "3.16.0aS"
},
{
"version_affected": "=",
"version_value": "3.16.1aS"
},
{
"version_affected": "=",
"version_value": "3.16.2S"
},
{
"version_affected": "=",
"version_value": "3.16.2aS"
},
{
"version_affected": "=",
"version_value": "3.16.0bS"
},
{
"version_affected": "=",
"version_value": "3.16.0cS"
},
{
"version_affected": "=",
"version_value": "3.16.3S"
},
{
"version_affected": "=",
"version_value": "3.16.2bS"
},
{
"version_affected": "=",
"version_value": "3.16.3aS"
},
{
"version_affected": "=",
"version_value": "3.16.4S"
},
{
"version_affected": "=",
"version_value": "3.16.4aS"
},
{
"version_affected": "=",
"version_value": "3.16.4bS"
},
{
"version_affected": "=",
"version_value": "3.16.4gS"
},
{
"version_affected": "=",
"version_value": "3.16.5S"
},
{
"version_affected": "=",
"version_value": "3.16.4cS"
},
{
"version_affected": "=",
"version_value": "3.16.4dS"
},
{
"version_affected": "=",
"version_value": "3.16.4eS"
},
{
"version_affected": "=",
"version_value": "3.16.6S"
},
{
"version_affected": "=",
"version_value": "3.16.5aS"
},
{
"version_affected": "=",
"version_value": "3.16.5bS"
},
{
"version_affected": "=",
"version_value": "3.16.7S"
},
{
"version_affected": "=",
"version_value": "3.16.6bS"
},
{
"version_affected": "=",
"version_value": "3.16.7aS"
},
{
"version_affected": "=",
"version_value": "3.16.7bS"
},
{
"version_affected": "=",
"version_value": "3.16.8S"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "3.17.2S"
},
{
"version_affected": "=",
"version_value": "3.17.1aS"
},
{
"version_affected": "=",
"version_value": "3.17.3S"
},
{
"version_affected": "=",
"version_value": "3.17.4S"
},
{
"version_affected": "=",
"version_value": "16.1.1"
},
{
"version_affected": "=",
"version_value": "16.1.2"
},
{
"version_affected": "=",
"version_value": "16.1.3"
},
{
"version_affected": "=",
"version_value": "3.2.0JA"
},
{
"version_affected": "=",
"version_value": "16.2.1"
},
{
"version_affected": "=",
"version_value": "16.2.2"
},
{
"version_affected": "=",
"version_value": "3.8.0E"
},
{
"version_affected": "=",
"version_value": "3.8.1E"
},
{
"version_affected": "=",
"version_value": "3.8.2E"
},
{
"version_affected": "=",
"version_value": "3.8.3E"
},
{
"version_affected": "=",
"version_value": "3.8.4E"
},
{
"version_affected": "=",
"version_value": "3.8.5E"
},
{
"version_affected": "=",
"version_value": "3.8.5aE"
},
{
"version_affected": "=",
"version_value": "3.8.6E"
},
{
"version_affected": "=",
"version_value": "3.8.7E"
},
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.5b"
},
{
"version_affected": "=",
"version_value": "16.3.6"
},
{
"version_affected": "=",
"version_value": "16.3.7"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1a"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "16.5.3"
},
{
"version_affected": "=",
"version_value": "3.18.0aS"
},
{
"version_affected": "=",
"version_value": "3.18.0S"
},
{
"version_affected": "=",
"version_value": "3.18.1S"
},
{
"version_affected": "=",
"version_value": "3.18.2S"
},
{
"version_affected": "=",
"version_value": "3.18.3S"
},
{
"version_affected": "=",
"version_value": "3.18.4S"
},
{
"version_affected": "=",
"version_value": "3.18.0SP"
},
{
"version_affected": "=",
"version_value": "3.18.1SP"
},
{
"version_affected": "=",
"version_value": "3.18.1aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1gSP"
},
{
"version_affected": "=",
"version_value": "3.18.1bSP"
},
{
"version_affected": "=",
"version_value": "3.18.1cSP"
},
{
"version_affected": "=",
"version_value": "3.18.2SP"
},
{
"version_affected": "=",
"version_value": "3.18.1hSP"
},
{
"version_affected": "=",
"version_value": "3.18.2aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1iSP"
},
{
"version_affected": "=",
"version_value": "3.18.3SP"
},
{
"version_affected": "=",
"version_value": "3.18.4SP"
},
{
"version_affected": "=",
"version_value": "3.18.3aSP"
},
{
"version_affected": "=",
"version_value": "3.18.3bSP"
},
{
"version_affected": "=",
"version_value": "3.18.5SP"
},
{
"version_affected": "=",
"version_value": "3.9.0E"
},
{
"version_affected": "=",
"version_value": "3.9.1E"
},
{
"version_affected": "=",
"version_value": "3.9.2E"
},
{
"version_affected": "=",
"version_value": "3.9.2bE"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.4"
},
{
"version_affected": "=",
"version_value": "16.6.4s"
},
{
"version_affected": "=",
"version_value": "16.6.4a"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.7.1a"
},
{
"version_affected": "=",
"version_value": "16.7.1b"
},
{
"version_affected": "=",
"version_value": "16.7.2"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1a"
},
{
"version_affected": "=",
"version_value": "16.8.1b"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.8.1c"
},
{
"version_affected": "=",
"version_value": "16.8.1d"
},
{
"version_affected": "=",
"version_value": "16.8.2"
},
{
"version_affected": "=",
"version_value": "16.8.1e"
},
{
"version_affected": "=",
"version_value": "16.9.1"
},
{
"version_affected": "=",
"version_value": "16.9.1a"
},
{
"version_affected": "=",
"version_value": "16.9.1b"
},
{
"version_affected": "=",
"version_value": "16.9.1s"
},
{
"version_affected": "=",
"version_value": "16.9.1c"
},
{
"version_affected": "=",
"version_value": "16.9.1d"
},
{
"version_affected": "=",
"version_value": "3.10.0E"
},
{
"version_affected": "=",
"version_value": "3.10.1E"
},
{
"version_affected": "=",
"version_value": "3.10.0cE"
},
{
"version_affected": "=",
"version_value": "3.10.2E"
},
{
"version_affected": "=",
"version_value": "3.10.1aE"
},
{
"version_affected": "=",
"version_value": "3.10.1sE"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak"
},
{
"name": "107620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107620"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-ios-infoleak",
"defect": [
[
"CSCvj98575"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1761",
"datePublished": "2019-03-28T00:25:15.422606Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-21T19:41:22.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1746
Vulnerability from cvelistv5
Published
2019-03-27 23:45
Modified
2024-11-21 19:41
Severity ?
EPSS score ?
Summary
A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/107612 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 3.2.0SG Version: 3.2.1SG Version: 3.2.2SG Version: 3.2.3SG Version: 3.2.4SG Version: 3.2.5SG Version: 3.2.6SG Version: 3.2.7SG Version: 3.2.8SG Version: 3.2.9SG Version: 3.2.10SG Version: 3.2.11SG Version: 3.3.0SG Version: 3.3.2SG Version: 3.3.1SG Version: 3.3.0XO Version: 3.3.1XO Version: 3.3.2XO Version: 3.4.0SG Version: 3.4.2SG Version: 3.4.1SG Version: 3.4.3SG Version: 3.4.4SG Version: 3.4.5SG Version: 3.4.6SG Version: 3.4.7SG Version: 3.4.8SG Version: 3.5.0E Version: 3.5.1E Version: 3.5.2E Version: 3.5.3E Version: 3.10.4S Version: 3.12.0aS Version: 3.6.0E Version: 3.6.1E Version: 3.6.0aE Version: 3.6.0bE Version: 3.6.2aE Version: 3.6.2E Version: 3.6.3E Version: 3.6.4E Version: 3.6.5E Version: 3.6.6E Version: 3.6.5aE Version: 3.6.5bE Version: 3.6.7E Version: 3.6.8E Version: 3.6.7aE Version: 3.6.7bE Version: 3.6.9E Version: 3.6.10E Version: 3.3.0SQ Version: 3.3.1SQ Version: 3.4.0SQ Version: 3.4.1SQ Version: 3.7.0E Version: 3.7.1E Version: 3.7.2E Version: 3.7.3E Version: 3.7.4E Version: 3.7.5E Version: 3.5.0SQ Version: 3.5.1SQ Version: 3.5.2SQ Version: 3.5.3SQ Version: 3.5.4SQ Version: 3.5.5SQ Version: 3.5.6SQ Version: 3.5.7SQ Version: 3.5.8SQ Version: 3.16.1S Version: 3.16.0bS Version: 3.16.10S Version: 3.8.0E Version: 3.8.1E Version: 3.8.2E Version: 3.8.3E Version: 3.8.4E Version: 3.8.5E Version: 3.8.5aE Version: 3.8.6E Version: 3.8.7E Version: 3.9.0E Version: 3.9.1E Version: 3.9.2E Version: 3.9.2bE Version: 16.9.2h Version: 3.10.0E Version: 3.10.1E Version: 3.10.0cE Version: 3.10.1aE Version: 3.10.1sE Version: 16.12.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
},
{
"name": "107612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107612"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:59:52.919534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:41:58.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0SG"
},
{
"status": "affected",
"version": "3.2.1SG"
},
{
"status": "affected",
"version": "3.2.2SG"
},
{
"status": "affected",
"version": "3.2.3SG"
},
{
"status": "affected",
"version": "3.2.4SG"
},
{
"status": "affected",
"version": "3.2.5SG"
},
{
"status": "affected",
"version": "3.2.6SG"
},
{
"status": "affected",
"version": "3.2.7SG"
},
{
"status": "affected",
"version": "3.2.8SG"
},
{
"status": "affected",
"version": "3.2.9SG"
},
{
"status": "affected",
"version": "3.2.10SG"
},
{
"status": "affected",
"version": "3.2.11SG"
},
{
"status": "affected",
"version": "3.3.0SG"
},
{
"status": "affected",
"version": "3.3.2SG"
},
{
"status": "affected",
"version": "3.3.1SG"
},
{
"status": "affected",
"version": "3.3.0XO"
},
{
"status": "affected",
"version": "3.3.1XO"
},
{
"status": "affected",
"version": "3.3.2XO"
},
{
"status": "affected",
"version": "3.4.0SG"
},
{
"status": "affected",
"version": "3.4.2SG"
},
{
"status": "affected",
"version": "3.4.1SG"
},
{
"status": "affected",
"version": "3.4.3SG"
},
{
"status": "affected",
"version": "3.4.4SG"
},
{
"status": "affected",
"version": "3.4.5SG"
},
{
"status": "affected",
"version": "3.4.6SG"
},
{
"status": "affected",
"version": "3.4.7SG"
},
{
"status": "affected",
"version": "3.4.8SG"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.10.4S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.0aE"
},
{
"status": "affected",
"version": "3.6.0bE"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7aE"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.3.0SQ"
},
{
"status": "affected",
"version": "3.3.1SQ"
},
{
"status": "affected",
"version": "3.4.0SQ"
},
{
"status": "affected",
"version": "3.4.1SQ"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.5.0SQ"
},
{
"status": "affected",
"version": "3.5.1SQ"
},
{
"status": "affected",
"version": "3.5.2SQ"
},
{
"status": "affected",
"version": "3.5.3SQ"
},
{
"status": "affected",
"version": "3.5.4SQ"
},
{
"status": "affected",
"version": "3.5.5SQ"
},
{
"status": "affected",
"version": "3.5.6SQ"
},
{
"status": "affected",
"version": "3.5.7SQ"
},
{
"status": "affected",
"version": "3.5.8SQ"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.0bS"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "3.9.2bE"
},
{
"status": "affected",
"version": "16.9.2h"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.1aE"
},
{
"status": "affected",
"version": "3.10.1sE"
},
{
"status": "affected",
"version": "16.12.1"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T06:06:05",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
},
{
"name": "107612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107612"
}
],
"source": {
"advisory": "cisco-sa-20190327-cmp-dos",
"defect": [
[
"CSCvj25068",
"CSCvj25124"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1746",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.2.0SG"
},
{
"version_affected": "=",
"version_value": "3.2.1SG"
},
{
"version_affected": "=",
"version_value": "3.2.2SG"
},
{
"version_affected": "=",
"version_value": "3.2.3SG"
},
{
"version_affected": "=",
"version_value": "3.2.4SG"
},
{
"version_affected": "=",
"version_value": "3.2.5SG"
},
{
"version_affected": "=",
"version_value": "3.2.6SG"
},
{
"version_affected": "=",
"version_value": "3.2.7SG"
},
{
"version_affected": "=",
"version_value": "3.2.8SG"
},
{
"version_affected": "=",
"version_value": "3.2.9SG"
},
{
"version_affected": "=",
"version_value": "3.2.10SG"
},
{
"version_affected": "=",
"version_value": "3.2.11SG"
},
{
"version_affected": "=",
"version_value": "3.3.0SG"
},
{
"version_affected": "=",
"version_value": "3.3.2SG"
},
{
"version_affected": "=",
"version_value": "3.3.1SG"
},
{
"version_affected": "=",
"version_value": "3.3.0XO"
},
{
"version_affected": "=",
"version_value": "3.3.1XO"
},
{
"version_affected": "=",
"version_value": "3.3.2XO"
},
{
"version_affected": "=",
"version_value": "3.4.0SG"
},
{
"version_affected": "=",
"version_value": "3.4.2SG"
},
{
"version_affected": "=",
"version_value": "3.4.1SG"
},
{
"version_affected": "=",
"version_value": "3.4.3SG"
},
{
"version_affected": "=",
"version_value": "3.4.4SG"
},
{
"version_affected": "=",
"version_value": "3.4.5SG"
},
{
"version_affected": "=",
"version_value": "3.4.6SG"
},
{
"version_affected": "=",
"version_value": "3.4.7SG"
},
{
"version_affected": "=",
"version_value": "3.4.8SG"
},
{
"version_affected": "=",
"version_value": "3.5.0E"
},
{
"version_affected": "=",
"version_value": "3.5.1E"
},
{
"version_affected": "=",
"version_value": "3.5.2E"
},
{
"version_affected": "=",
"version_value": "3.5.3E"
},
{
"version_affected": "=",
"version_value": "3.10.4S"
},
{
"version_affected": "=",
"version_value": "3.12.0aS"
},
{
"version_affected": "=",
"version_value": "3.6.0E"
},
{
"version_affected": "=",
"version_value": "3.6.1E"
},
{
"version_affected": "=",
"version_value": "3.6.0aE"
},
{
"version_affected": "=",
"version_value": "3.6.0bE"
},
{
"version_affected": "=",
"version_value": "3.6.2aE"
},
{
"version_affected": "=",
"version_value": "3.6.2E"
},
{
"version_affected": "=",
"version_value": "3.6.3E"
},
{
"version_affected": "=",
"version_value": "3.6.4E"
},
{
"version_affected": "=",
"version_value": "3.6.5E"
},
{
"version_affected": "=",
"version_value": "3.6.6E"
},
{
"version_affected": "=",
"version_value": "3.6.5aE"
},
{
"version_affected": "=",
"version_value": "3.6.5bE"
},
{
"version_affected": "=",
"version_value": "3.6.7E"
},
{
"version_affected": "=",
"version_value": "3.6.8E"
},
{
"version_affected": "=",
"version_value": "3.6.7aE"
},
{
"version_affected": "=",
"version_value": "3.6.7bE"
},
{
"version_affected": "=",
"version_value": "3.6.9E"
},
{
"version_affected": "=",
"version_value": "3.6.10E"
},
{
"version_affected": "=",
"version_value": "3.3.0SQ"
},
{
"version_affected": "=",
"version_value": "3.3.1SQ"
},
{
"version_affected": "=",
"version_value": "3.4.0SQ"
},
{
"version_affected": "=",
"version_value": "3.4.1SQ"
},
{
"version_affected": "=",
"version_value": "3.7.0E"
},
{
"version_affected": "=",
"version_value": "3.7.1E"
},
{
"version_affected": "=",
"version_value": "3.7.2E"
},
{
"version_affected": "=",
"version_value": "3.7.3E"
},
{
"version_affected": "=",
"version_value": "3.7.4E"
},
{
"version_affected": "=",
"version_value": "3.7.5E"
},
{
"version_affected": "=",
"version_value": "3.5.0SQ"
},
{
"version_affected": "=",
"version_value": "3.5.1SQ"
},
{
"version_affected": "=",
"version_value": "3.5.2SQ"
},
{
"version_affected": "=",
"version_value": "3.5.3SQ"
},
{
"version_affected": "=",
"version_value": "3.5.4SQ"
},
{
"version_affected": "=",
"version_value": "3.5.5SQ"
},
{
"version_affected": "=",
"version_value": "3.5.6SQ"
},
{
"version_affected": "=",
"version_value": "3.5.7SQ"
},
{
"version_affected": "=",
"version_value": "3.5.8SQ"
},
{
"version_affected": "=",
"version_value": "3.16.1S"
},
{
"version_affected": "=",
"version_value": "3.16.0bS"
},
{
"version_affected": "=",
"version_value": "3.16.10S"
},
{
"version_affected": "=",
"version_value": "3.8.0E"
},
{
"version_affected": "=",
"version_value": "3.8.1E"
},
{
"version_affected": "=",
"version_value": "3.8.2E"
},
{
"version_affected": "=",
"version_value": "3.8.3E"
},
{
"version_affected": "=",
"version_value": "3.8.4E"
},
{
"version_affected": "=",
"version_value": "3.8.5E"
},
{
"version_affected": "=",
"version_value": "3.8.5aE"
},
{
"version_affected": "=",
"version_value": "3.8.6E"
},
{
"version_affected": "=",
"version_value": "3.8.7E"
},
{
"version_affected": "=",
"version_value": "3.9.0E"
},
{
"version_affected": "=",
"version_value": "3.9.1E"
},
{
"version_affected": "=",
"version_value": "3.9.2E"
},
{
"version_affected": "=",
"version_value": "3.9.2bE"
},
{
"version_affected": "=",
"version_value": "16.9.2h"
},
{
"version_affected": "=",
"version_value": "3.10.0E"
},
{
"version_affected": "=",
"version_value": "3.10.1E"
},
{
"version_affected": "=",
"version_value": "3.10.0cE"
},
{
"version_affected": "=",
"version_value": "3.10.1aE"
},
{
"version_affected": "=",
"version_value": "3.10.1sE"
},
{
"version_affected": "=",
"version_value": "16.12.1"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation when processing CMP management packets. An attacker could exploit this vulnerability by sending malicious CMP management packets to an affected device. A successful exploit could cause the switch to crash, resulting in a DoS condition. The switch will reload automatically."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-cmp-dos"
},
{
"name": "107612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107612"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-cmp-dos",
"defect": [
[
"CSCvj25068",
"CSCvj25124"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1746",
"datePublished": "2019-03-27T23:45:13.618675Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-21T19:41:58.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1762
Vulnerability from cvelistv5
Published
2019-03-28 00:30
Modified
2024-09-16 20:43
Severity ?
EPSS score ?
Summary
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/107594 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.6.4 Version: 16.6.4s Version: 16.6.4a Version: 16.7.1 Version: 16.7.1a Version: 16.7.1b Version: 16.7.2 Version: 16.7.3 Version: 16.7.4 Version: 16.8.1 Version: 16.8.1a Version: 16.8.1b Version: 16.8.1s Version: 16.8.1c Version: 16.8.1d Version: 16.8.2 Version: 16.8.1e Version: 16.9.1 Version: 16.9.2 Version: 16.9.1a Version: 16.9.1b Version: 16.9.1s Version: 16.9.1c Version: 16.9.1d Version: 16.9.2a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info"
},
{
"name": "107594",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.4s"
},
{
"status": "affected",
"version": "16.6.4a"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.7.4"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.1e"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.2"
},
{
"status": "affected",
"version": "16.9.1a"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.1c"
},
{
"status": "affected",
"version": "16.9.1d"
},
{
"status": "affected",
"version": "16.9.2a"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T07:06:20",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info"
},
{
"name": "107594",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107594"
}
],
"source": {
"advisory": "cisco-sa-20190327-info",
"defect": [
[
"CSCvg97571",
"CSCvi66418"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1762",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.4"
},
{
"version_affected": "=",
"version_value": "16.6.4s"
},
{
"version_affected": "=",
"version_value": "16.6.4a"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.7.1a"
},
{
"version_affected": "=",
"version_value": "16.7.1b"
},
{
"version_affected": "=",
"version_value": "16.7.2"
},
{
"version_affected": "=",
"version_value": "16.7.3"
},
{
"version_affected": "=",
"version_value": "16.7.4"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1a"
},
{
"version_affected": "=",
"version_value": "16.8.1b"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.8.1c"
},
{
"version_affected": "=",
"version_value": "16.8.1d"
},
{
"version_affected": "=",
"version_value": "16.8.2"
},
{
"version_affected": "=",
"version_value": "16.8.1e"
},
{
"version_affected": "=",
"version_value": "16.9.1"
},
{
"version_affected": "=",
"version_value": "16.9.2"
},
{
"version_affected": "=",
"version_value": "16.9.1a"
},
{
"version_affected": "=",
"version_value": "16.9.1b"
},
{
"version_affected": "=",
"version_value": "16.9.1s"
},
{
"version_affected": "=",
"version_value": "16.9.1c"
},
{
"version_affected": "=",
"version_value": "16.9.1d"
},
{
"version_affected": "=",
"version_value": "16.9.2a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.4",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info"
},
{
"name": "107594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107594"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-info",
"defect": [
[
"CSCvg97571",
"CSCvi66418"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1762",
"datePublished": "2019-03-28T00:30:15.849984Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-09-16T20:43:39.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1747
Vulnerability from cvelistv5
Published
2019-03-27 23:50
Modified
2024-11-19 19:13
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-sms-dos | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/107599 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 16.10.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-sms-dos"
},
{
"name": "107599",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107599"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:25:02.319663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:13:22.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.10.1"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T09:06:08",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-sms-dos"
},
{
"name": "107599",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107599"
}
],
"source": {
"advisory": "cisco-sa-20190327-sms-dos",
"defect": [
[
"CSCvm07801"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1747",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.10.1"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are encoded with a special character set. An attacker could exploit this vulnerability by sending a malicious SMS message to an affected device. A successful exploit could allow the attacker to cause the wireless WAN (WWAN) cellular interface module on an affected device to crash, resulting in a DoS condition that would require manual intervention to restore normal operating conditions."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-sms-dos"
},
{
"name": "107599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107599"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-sms-dos",
"defect": [
[
"CSCvm07801"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1747",
"datePublished": "2019-03-27T23:50:19.444956Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-19T19:13:22.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1748
Vulnerability from cvelistv5
Published
2019-03-27 23:50
Modified
2024-09-17 02:02
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/107619 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 3.7.7S Version: 3.9.1S Version: 3.9.0S Version: 3.9.2S Version: 3.9.1aS Version: 3.9.0aS Version: 3.3.0SE Version: 3.3.1SE Version: 3.3.2SE Version: 3.3.3SE Version: 3.3.4SE Version: 3.3.5SE Version: 3.3.0XO Version: 3.3.1XO Version: 3.3.2XO Version: 3.5.0E Version: 3.5.1E Version: 3.5.2E Version: 3.5.3E Version: 3.10.0S Version: 3.10.1S Version: 3.10.2S Version: 3.10.3S Version: 3.10.4S Version: 3.10.5S Version: 3.10.6S Version: 3.10.2aS Version: 3.10.2tS Version: 3.10.7S Version: 3.10.8S Version: 3.10.8aS Version: 3.10.9S Version: 3.10.10S Version: 3.11.1S Version: 3.11.2S Version: 3.11.0S Version: 3.11.3S Version: 3.11.4S Version: 3.12.0S Version: 3.12.1S Version: 3.12.2S Version: 3.12.3S Version: 3.12.0aS Version: 3.12.4S Version: 3.13.0S Version: 3.13.1S Version: 3.13.2S Version: 3.13.3S Version: 3.13.4S Version: 3.13.5S Version: 3.13.2aS Version: 3.13.0aS Version: 3.13.5aS Version: 3.13.6S Version: 3.13.7S Version: 3.13.6aS Version: 3.13.6bS Version: 3.13.7aS Version: 3.13.8S Version: 3.13.9S Version: 3.6.0E Version: 3.6.1E Version: 3.6.0aE Version: 3.6.0bE Version: 3.6.2aE Version: 3.6.2E Version: 3.6.3E Version: 3.6.4E Version: 3.6.5E Version: 3.6.6E Version: 3.6.5aE Version: 3.6.5bE Version: 3.6.7E Version: 3.6.7aE Version: 3.6.7bE Version: 3.6.9E Version: 3.6.10E Version: 3.6.9aE Version: 3.14.0S Version: 3.14.1S Version: 3.14.2S Version: 3.14.3S Version: 3.14.4S Version: 3.15.0S Version: 3.15.1S Version: 3.15.2S Version: 3.15.1cS Version: 3.15.3S Version: 3.15.4S Version: 3.7.0E Version: 3.7.1E Version: 3.7.2E Version: 3.7.3E Version: 3.7.4E Version: 3.7.5E Version: 3.16.0S Version: 3.16.1S Version: 3.16.0aS Version: 3.16.1aS Version: 3.16.2S Version: 3.16.2aS Version: 3.16.0bS Version: 3.16.0cS Version: 3.16.3S Version: 3.16.2bS Version: 3.16.3aS Version: 3.16.4S Version: 3.16.4aS Version: 3.16.4bS Version: 3.16.4gS Version: 3.16.5S Version: 3.16.4cS Version: 3.16.4dS Version: 3.16.4eS Version: 3.16.6S Version: 3.16.5aS Version: 3.16.5bS Version: 3.16.7S Version: 3.16.6bS Version: 3.16.7aS Version: 3.17.0S Version: 3.17.1S Version: 3.17.2S Version: 3.17.1aS Version: 3.17.3S Version: 3.17.4S Version: 16.1.1 Version: 16.1.2 Version: 16.1.3 Version: 16.2.1 Version: 16.2.2 Version: 3.8.0E Version: 3.8.1E Version: 3.8.2E Version: 3.8.3E Version: 3.8.4E Version: 3.8.5E Version: 3.8.5aE Version: 3.8.6E Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.5b Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1a Version: 16.5.1b Version: 16.5.2 Version: 3.18.0aS Version: 3.18.0S Version: 3.18.1S Version: 3.18.2S Version: 3.18.3S Version: 3.18.4S Version: 3.18.0SP Version: 3.18.1SP Version: 3.18.1aSP Version: 3.18.1gSP Version: 3.18.1bSP Version: 3.18.1cSP Version: 3.18.2SP Version: 3.18.1hSP Version: 3.18.2aSP Version: 3.18.1iSP Version: 3.18.3SP Version: 3.18.4SP Version: 3.18.3aSP Version: 3.18.3bSP Version: 3.18.5SP Version: 3.9.0E Version: 3.9.1E Version: 3.9.2E Version: 3.9.2bE Version: 16.6.1 Version: 16.6.2 Version: 3.10.0E Version: 3.10.0cE |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert"
},
{
"name": "107619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.7.7S"
},
{
"status": "affected",
"version": "3.9.1S"
},
{
"status": "affected",
"version": "3.9.0S"
},
{
"status": "affected",
"version": "3.9.2S"
},
{
"status": "affected",
"version": "3.9.1aS"
},
{
"status": "affected",
"version": "3.9.0aS"
},
{
"status": "affected",
"version": "3.3.0SE"
},
{
"status": "affected",
"version": "3.3.1SE"
},
{
"status": "affected",
"version": "3.3.2SE"
},
{
"status": "affected",
"version": "3.3.3SE"
},
{
"status": "affected",
"version": "3.3.4SE"
},
{
"status": "affected",
"version": "3.3.5SE"
},
{
"status": "affected",
"version": "3.3.0XO"
},
{
"status": "affected",
"version": "3.3.1XO"
},
{
"status": "affected",
"version": "3.3.2XO"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.10.0S"
},
{
"status": "affected",
"version": "3.10.1S"
},
{
"status": "affected",
"version": "3.10.2S"
},
{
"status": "affected",
"version": "3.10.3S"
},
{
"status": "affected",
"version": "3.10.4S"
},
{
"status": "affected",
"version": "3.10.5S"
},
{
"status": "affected",
"version": "3.10.6S"
},
{
"status": "affected",
"version": "3.10.2aS"
},
{
"status": "affected",
"version": "3.10.2tS"
},
{
"status": "affected",
"version": "3.10.7S"
},
{
"status": "affected",
"version": "3.10.8S"
},
{
"status": "affected",
"version": "3.10.8aS"
},
{
"status": "affected",
"version": "3.10.9S"
},
{
"status": "affected",
"version": "3.10.10S"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.6bS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.0aE"
},
{
"status": "affected",
"version": "3.6.0bE"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.7aE"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.6.9aE"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.0aS"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0bS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.4gS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4cS"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.4eS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.5aS"
},
{
"status": "affected",
"version": "3.16.5bS"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.1.1"
},
{
"status": "affected",
"version": "16.1.2"
},
{
"status": "affected",
"version": "16.1.3"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.5b"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1gSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.1hSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.1iSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "3.9.2bE"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.0cE"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T07:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert"
},
{
"name": "107619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107619"
}
],
"source": {
"advisory": "cisco-sa-20190327-pnp-cert",
"defect": [
[
"CSCvf36269",
"CSCvg01089"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1748",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7.7S"
},
{
"version_affected": "=",
"version_value": "3.9.1S"
},
{
"version_affected": "=",
"version_value": "3.9.0S"
},
{
"version_affected": "=",
"version_value": "3.9.2S"
},
{
"version_affected": "=",
"version_value": "3.9.1aS"
},
{
"version_affected": "=",
"version_value": "3.9.0aS"
},
{
"version_affected": "=",
"version_value": "3.3.0SE"
},
{
"version_affected": "=",
"version_value": "3.3.1SE"
},
{
"version_affected": "=",
"version_value": "3.3.2SE"
},
{
"version_affected": "=",
"version_value": "3.3.3SE"
},
{
"version_affected": "=",
"version_value": "3.3.4SE"
},
{
"version_affected": "=",
"version_value": "3.3.5SE"
},
{
"version_affected": "=",
"version_value": "3.3.0XO"
},
{
"version_affected": "=",
"version_value": "3.3.1XO"
},
{
"version_affected": "=",
"version_value": "3.3.2XO"
},
{
"version_affected": "=",
"version_value": "3.5.0E"
},
{
"version_affected": "=",
"version_value": "3.5.1E"
},
{
"version_affected": "=",
"version_value": "3.5.2E"
},
{
"version_affected": "=",
"version_value": "3.5.3E"
},
{
"version_affected": "=",
"version_value": "3.10.0S"
},
{
"version_affected": "=",
"version_value": "3.10.1S"
},
{
"version_affected": "=",
"version_value": "3.10.2S"
},
{
"version_affected": "=",
"version_value": "3.10.3S"
},
{
"version_affected": "=",
"version_value": "3.10.4S"
},
{
"version_affected": "=",
"version_value": "3.10.5S"
},
{
"version_affected": "=",
"version_value": "3.10.6S"
},
{
"version_affected": "=",
"version_value": "3.10.2aS"
},
{
"version_affected": "=",
"version_value": "3.10.2tS"
},
{
"version_affected": "=",
"version_value": "3.10.7S"
},
{
"version_affected": "=",
"version_value": "3.10.8S"
},
{
"version_affected": "=",
"version_value": "3.10.8aS"
},
{
"version_affected": "=",
"version_value": "3.10.9S"
},
{
"version_affected": "=",
"version_value": "3.10.10S"
},
{
"version_affected": "=",
"version_value": "3.11.1S"
},
{
"version_affected": "=",
"version_value": "3.11.2S"
},
{
"version_affected": "=",
"version_value": "3.11.0S"
},
{
"version_affected": "=",
"version_value": "3.11.3S"
},
{
"version_affected": "=",
"version_value": "3.11.4S"
},
{
"version_affected": "=",
"version_value": "3.12.0S"
},
{
"version_affected": "=",
"version_value": "3.12.1S"
},
{
"version_affected": "=",
"version_value": "3.12.2S"
},
{
"version_affected": "=",
"version_value": "3.12.3S"
},
{
"version_affected": "=",
"version_value": "3.12.0aS"
},
{
"version_affected": "=",
"version_value": "3.12.4S"
},
{
"version_affected": "=",
"version_value": "3.13.0S"
},
{
"version_affected": "=",
"version_value": "3.13.1S"
},
{
"version_affected": "=",
"version_value": "3.13.2S"
},
{
"version_affected": "=",
"version_value": "3.13.3S"
},
{
"version_affected": "=",
"version_value": "3.13.4S"
},
{
"version_affected": "=",
"version_value": "3.13.5S"
},
{
"version_affected": "=",
"version_value": "3.13.2aS"
},
{
"version_affected": "=",
"version_value": "3.13.0aS"
},
{
"version_affected": "=",
"version_value": "3.13.5aS"
},
{
"version_affected": "=",
"version_value": "3.13.6S"
},
{
"version_affected": "=",
"version_value": "3.13.7S"
},
{
"version_affected": "=",
"version_value": "3.13.6aS"
},
{
"version_affected": "=",
"version_value": "3.13.6bS"
},
{
"version_affected": "=",
"version_value": "3.13.7aS"
},
{
"version_affected": "=",
"version_value": "3.13.8S"
},
{
"version_affected": "=",
"version_value": "3.13.9S"
},
{
"version_affected": "=",
"version_value": "3.6.0E"
},
{
"version_affected": "=",
"version_value": "3.6.1E"
},
{
"version_affected": "=",
"version_value": "3.6.0aE"
},
{
"version_affected": "=",
"version_value": "3.6.0bE"
},
{
"version_affected": "=",
"version_value": "3.6.2aE"
},
{
"version_affected": "=",
"version_value": "3.6.2E"
},
{
"version_affected": "=",
"version_value": "3.6.3E"
},
{
"version_affected": "=",
"version_value": "3.6.4E"
},
{
"version_affected": "=",
"version_value": "3.6.5E"
},
{
"version_affected": "=",
"version_value": "3.6.6E"
},
{
"version_affected": "=",
"version_value": "3.6.5aE"
},
{
"version_affected": "=",
"version_value": "3.6.5bE"
},
{
"version_affected": "=",
"version_value": "3.6.7E"
},
{
"version_affected": "=",
"version_value": "3.6.7aE"
},
{
"version_affected": "=",
"version_value": "3.6.7bE"
},
{
"version_affected": "=",
"version_value": "3.6.9E"
},
{
"version_affected": "=",
"version_value": "3.6.10E"
},
{
"version_affected": "=",
"version_value": "3.6.9aE"
},
{
"version_affected": "=",
"version_value": "3.14.0S"
},
{
"version_affected": "=",
"version_value": "3.14.1S"
},
{
"version_affected": "=",
"version_value": "3.14.2S"
},
{
"version_affected": "=",
"version_value": "3.14.3S"
},
{
"version_affected": "=",
"version_value": "3.14.4S"
},
{
"version_affected": "=",
"version_value": "3.15.0S"
},
{
"version_affected": "=",
"version_value": "3.15.1S"
},
{
"version_affected": "=",
"version_value": "3.15.2S"
},
{
"version_affected": "=",
"version_value": "3.15.1cS"
},
{
"version_affected": "=",
"version_value": "3.15.3S"
},
{
"version_affected": "=",
"version_value": "3.15.4S"
},
{
"version_affected": "=",
"version_value": "3.7.0E"
},
{
"version_affected": "=",
"version_value": "3.7.1E"
},
{
"version_affected": "=",
"version_value": "3.7.2E"
},
{
"version_affected": "=",
"version_value": "3.7.3E"
},
{
"version_affected": "=",
"version_value": "3.7.4E"
},
{
"version_affected": "=",
"version_value": "3.7.5E"
},
{
"version_affected": "=",
"version_value": "3.16.0S"
},
{
"version_affected": "=",
"version_value": "3.16.1S"
},
{
"version_affected": "=",
"version_value": "3.16.0aS"
},
{
"version_affected": "=",
"version_value": "3.16.1aS"
},
{
"version_affected": "=",
"version_value": "3.16.2S"
},
{
"version_affected": "=",
"version_value": "3.16.2aS"
},
{
"version_affected": "=",
"version_value": "3.16.0bS"
},
{
"version_affected": "=",
"version_value": "3.16.0cS"
},
{
"version_affected": "=",
"version_value": "3.16.3S"
},
{
"version_affected": "=",
"version_value": "3.16.2bS"
},
{
"version_affected": "=",
"version_value": "3.16.3aS"
},
{
"version_affected": "=",
"version_value": "3.16.4S"
},
{
"version_affected": "=",
"version_value": "3.16.4aS"
},
{
"version_affected": "=",
"version_value": "3.16.4bS"
},
{
"version_affected": "=",
"version_value": "3.16.4gS"
},
{
"version_affected": "=",
"version_value": "3.16.5S"
},
{
"version_affected": "=",
"version_value": "3.16.4cS"
},
{
"version_affected": "=",
"version_value": "3.16.4dS"
},
{
"version_affected": "=",
"version_value": "3.16.4eS"
},
{
"version_affected": "=",
"version_value": "3.16.6S"
},
{
"version_affected": "=",
"version_value": "3.16.5aS"
},
{
"version_affected": "=",
"version_value": "3.16.5bS"
},
{
"version_affected": "=",
"version_value": "3.16.7S"
},
{
"version_affected": "=",
"version_value": "3.16.6bS"
},
{
"version_affected": "=",
"version_value": "3.16.7aS"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "3.17.2S"
},
{
"version_affected": "=",
"version_value": "3.17.1aS"
},
{
"version_affected": "=",
"version_value": "3.17.3S"
},
{
"version_affected": "=",
"version_value": "3.17.4S"
},
{
"version_affected": "=",
"version_value": "16.1.1"
},
{
"version_affected": "=",
"version_value": "16.1.2"
},
{
"version_affected": "=",
"version_value": "16.1.3"
},
{
"version_affected": "=",
"version_value": "16.2.1"
},
{
"version_affected": "=",
"version_value": "16.2.2"
},
{
"version_affected": "=",
"version_value": "3.8.0E"
},
{
"version_affected": "=",
"version_value": "3.8.1E"
},
{
"version_affected": "=",
"version_value": "3.8.2E"
},
{
"version_affected": "=",
"version_value": "3.8.3E"
},
{
"version_affected": "=",
"version_value": "3.8.4E"
},
{
"version_affected": "=",
"version_value": "3.8.5E"
},
{
"version_affected": "=",
"version_value": "3.8.5aE"
},
{
"version_affected": "=",
"version_value": "3.8.6E"
},
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.5b"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1a"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "3.18.0aS"
},
{
"version_affected": "=",
"version_value": "3.18.0S"
},
{
"version_affected": "=",
"version_value": "3.18.1S"
},
{
"version_affected": "=",
"version_value": "3.18.2S"
},
{
"version_affected": "=",
"version_value": "3.18.3S"
},
{
"version_affected": "=",
"version_value": "3.18.4S"
},
{
"version_affected": "=",
"version_value": "3.18.0SP"
},
{
"version_affected": "=",
"version_value": "3.18.1SP"
},
{
"version_affected": "=",
"version_value": "3.18.1aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1gSP"
},
{
"version_affected": "=",
"version_value": "3.18.1bSP"
},
{
"version_affected": "=",
"version_value": "3.18.1cSP"
},
{
"version_affected": "=",
"version_value": "3.18.2SP"
},
{
"version_affected": "=",
"version_value": "3.18.1hSP"
},
{
"version_affected": "=",
"version_value": "3.18.2aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1iSP"
},
{
"version_affected": "=",
"version_value": "3.18.3SP"
},
{
"version_affected": "=",
"version_value": "3.18.4SP"
},
{
"version_affected": "=",
"version_value": "3.18.3aSP"
},
{
"version_affected": "=",
"version_value": "3.18.3bSP"
},
{
"version_affected": "=",
"version_value": "3.18.5SP"
},
{
"version_affected": "=",
"version_value": "3.9.0E"
},
{
"version_affected": "=",
"version_value": "3.9.1E"
},
{
"version_affected": "=",
"version_value": "3.9.2E"
},
{
"version_affected": "=",
"version_value": "3.9.2bE"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "3.10.0E"
},
{
"version_affected": "=",
"version_value": "3.10.0cE"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert"
},
{
"name": "107619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107619"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-pnp-cert",
"defect": [
[
"CSCvf36269",
"CSCvg01089"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1748",
"datePublished": "2019-03-27T23:50:13.064650Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-09-17T02:02:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1752
Vulnerability from cvelistv5
Published
2019-03-28 00:05
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/107589 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 3.8.0S Version: 3.8.1S Version: 3.8.2S Version: 3.9.1S Version: 3.9.0S Version: 3.9.2S Version: 3.9.1aS Version: 3.9.0aS Version: 3.10.0S Version: 3.10.1S Version: 3.10.2S Version: 3.10.3S Version: 3.10.4S Version: 3.10.5S Version: 3.10.6S Version: 3.10.2aS Version: 3.10.2tS Version: 3.10.7S Version: 3.10.8S Version: 3.10.8aS Version: 3.10.9S Version: 3.10.10S Version: 3.11.1S Version: 3.11.2S Version: 3.11.0S Version: 3.11.3S Version: 3.11.4S Version: 3.12.0S Version: 3.12.1S Version: 3.12.2S Version: 3.12.3S Version: 3.12.0aS Version: 3.12.4S Version: 3.13.0S Version: 3.13.1S Version: 3.13.2S Version: 3.13.3S Version: 3.13.4S Version: 3.13.5S Version: 3.13.2aS Version: 3.13.5aS Version: 3.13.6S Version: 3.13.7S Version: 3.13.6aS Version: 3.13.6bS Version: 3.13.7aS Version: 3.13.8S Version: 3.13.9S Version: 3.13.10S Version: 3.14.0S Version: 3.14.1S Version: 3.14.2S Version: 3.14.3S Version: 3.14.4S Version: 3.15.0S Version: 3.15.1S Version: 3.15.2S Version: 3.15.1cS Version: 3.15.3S Version: 3.15.4S Version: 3.16.0S Version: 3.16.1S Version: 3.16.1aS Version: 3.16.2S Version: 3.16.0bS Version: 3.16.0cS Version: 3.16.3S Version: 3.16.2bS Version: 3.16.4aS Version: 3.16.4bS Version: 3.16.4gS Version: 3.16.5S Version: 3.16.4cS Version: 3.16.4dS Version: 3.16.4eS Version: 3.16.6S Version: 3.16.5aS Version: 3.16.5bS Version: 3.16.7S Version: 3.16.6bS Version: 3.16.7aS Version: 3.16.7bS Version: 3.16.8S Version: 3.17.0S Version: 3.17.1S Version: 3.17.2S Version: 3.17.1aS Version: 3.17.3S Version: 3.17.4S Version: 16.2.1 Version: 16.2.2 Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.6 Version: 16.3.7 Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1b Version: 16.5.2 Version: 16.5.3 Version: 3.18.0aS Version: 3.18.1S Version: 3.18.0SP Version: 3.18.1SP Version: 3.18.1aSP Version: 3.18.2aSP Version: 3.18.3SP Version: 3.18.4SP Version: 3.18.3aSP Version: 3.18.3bSP Version: 3.18.5SP Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.6.4 Version: 16.6.4s Version: 16.7.1 Version: 16.7.1a Version: 16.7.1b Version: 16.7.2 Version: 16.7.3 Version: 16.8.1 Version: 16.8.1s Version: 16.8.1d |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn"
},
{
"name": "107589",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.8.0S"
},
{
"status": "affected",
"version": "3.8.1S"
},
{
"status": "affected",
"version": "3.8.2S"
},
{
"status": "affected",
"version": "3.9.1S"
},
{
"status": "affected",
"version": "3.9.0S"
},
{
"status": "affected",
"version": "3.9.2S"
},
{
"status": "affected",
"version": "3.9.1aS"
},
{
"status": "affected",
"version": "3.9.0aS"
},
{
"status": "affected",
"version": "3.10.0S"
},
{
"status": "affected",
"version": "3.10.1S"
},
{
"status": "affected",
"version": "3.10.2S"
},
{
"status": "affected",
"version": "3.10.3S"
},
{
"status": "affected",
"version": "3.10.4S"
},
{
"status": "affected",
"version": "3.10.5S"
},
{
"status": "affected",
"version": "3.10.6S"
},
{
"status": "affected",
"version": "3.10.2aS"
},
{
"status": "affected",
"version": "3.10.2tS"
},
{
"status": "affected",
"version": "3.10.7S"
},
{
"status": "affected",
"version": "3.10.8S"
},
{
"status": "affected",
"version": "3.10.8aS"
},
{
"status": "affected",
"version": "3.10.9S"
},
{
"status": "affected",
"version": "3.10.10S"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.6bS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.0bS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.4gS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4cS"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.4eS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.5aS"
},
{
"status": "affected",
"version": "3.16.5bS"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.6"
},
{
"status": "affected",
"version": "16.3.7"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "16.5.3"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.4s"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1d"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T06:06:08",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn"
},
{
"name": "107589",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107589"
}
],
"source": {
"advisory": "cisco-sa-20190327-isdn",
"defect": [
[
"CSCuz74957",
"CSCvk01977"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1752",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.8.0S"
},
{
"version_affected": "=",
"version_value": "3.8.1S"
},
{
"version_affected": "=",
"version_value": "3.8.2S"
},
{
"version_affected": "=",
"version_value": "3.9.1S"
},
{
"version_affected": "=",
"version_value": "3.9.0S"
},
{
"version_affected": "=",
"version_value": "3.9.2S"
},
{
"version_affected": "=",
"version_value": "3.9.1aS"
},
{
"version_affected": "=",
"version_value": "3.9.0aS"
},
{
"version_affected": "=",
"version_value": "3.10.0S"
},
{
"version_affected": "=",
"version_value": "3.10.1S"
},
{
"version_affected": "=",
"version_value": "3.10.2S"
},
{
"version_affected": "=",
"version_value": "3.10.3S"
},
{
"version_affected": "=",
"version_value": "3.10.4S"
},
{
"version_affected": "=",
"version_value": "3.10.5S"
},
{
"version_affected": "=",
"version_value": "3.10.6S"
},
{
"version_affected": "=",
"version_value": "3.10.2aS"
},
{
"version_affected": "=",
"version_value": "3.10.2tS"
},
{
"version_affected": "=",
"version_value": "3.10.7S"
},
{
"version_affected": "=",
"version_value": "3.10.8S"
},
{
"version_affected": "=",
"version_value": "3.10.8aS"
},
{
"version_affected": "=",
"version_value": "3.10.9S"
},
{
"version_affected": "=",
"version_value": "3.10.10S"
},
{
"version_affected": "=",
"version_value": "3.11.1S"
},
{
"version_affected": "=",
"version_value": "3.11.2S"
},
{
"version_affected": "=",
"version_value": "3.11.0S"
},
{
"version_affected": "=",
"version_value": "3.11.3S"
},
{
"version_affected": "=",
"version_value": "3.11.4S"
},
{
"version_affected": "=",
"version_value": "3.12.0S"
},
{
"version_affected": "=",
"version_value": "3.12.1S"
},
{
"version_affected": "=",
"version_value": "3.12.2S"
},
{
"version_affected": "=",
"version_value": "3.12.3S"
},
{
"version_affected": "=",
"version_value": "3.12.0aS"
},
{
"version_affected": "=",
"version_value": "3.12.4S"
},
{
"version_affected": "=",
"version_value": "3.13.0S"
},
{
"version_affected": "=",
"version_value": "3.13.1S"
},
{
"version_affected": "=",
"version_value": "3.13.2S"
},
{
"version_affected": "=",
"version_value": "3.13.3S"
},
{
"version_affected": "=",
"version_value": "3.13.4S"
},
{
"version_affected": "=",
"version_value": "3.13.5S"
},
{
"version_affected": "=",
"version_value": "3.13.2aS"
},
{
"version_affected": "=",
"version_value": "3.13.5aS"
},
{
"version_affected": "=",
"version_value": "3.13.6S"
},
{
"version_affected": "=",
"version_value": "3.13.7S"
},
{
"version_affected": "=",
"version_value": "3.13.6aS"
},
{
"version_affected": "=",
"version_value": "3.13.6bS"
},
{
"version_affected": "=",
"version_value": "3.13.7aS"
},
{
"version_affected": "=",
"version_value": "3.13.8S"
},
{
"version_affected": "=",
"version_value": "3.13.9S"
},
{
"version_affected": "=",
"version_value": "3.13.10S"
},
{
"version_affected": "=",
"version_value": "3.14.0S"
},
{
"version_affected": "=",
"version_value": "3.14.1S"
},
{
"version_affected": "=",
"version_value": "3.14.2S"
},
{
"version_affected": "=",
"version_value": "3.14.3S"
},
{
"version_affected": "=",
"version_value": "3.14.4S"
},
{
"version_affected": "=",
"version_value": "3.15.0S"
},
{
"version_affected": "=",
"version_value": "3.15.1S"
},
{
"version_affected": "=",
"version_value": "3.15.2S"
},
{
"version_affected": "=",
"version_value": "3.15.1cS"
},
{
"version_affected": "=",
"version_value": "3.15.3S"
},
{
"version_affected": "=",
"version_value": "3.15.4S"
},
{
"version_affected": "=",
"version_value": "3.16.0S"
},
{
"version_affected": "=",
"version_value": "3.16.1S"
},
{
"version_affected": "=",
"version_value": "3.16.1aS"
},
{
"version_affected": "=",
"version_value": "3.16.2S"
},
{
"version_affected": "=",
"version_value": "3.16.0bS"
},
{
"version_affected": "=",
"version_value": "3.16.0cS"
},
{
"version_affected": "=",
"version_value": "3.16.3S"
},
{
"version_affected": "=",
"version_value": "3.16.2bS"
},
{
"version_affected": "=",
"version_value": "3.16.4aS"
},
{
"version_affected": "=",
"version_value": "3.16.4bS"
},
{
"version_affected": "=",
"version_value": "3.16.4gS"
},
{
"version_affected": "=",
"version_value": "3.16.5S"
},
{
"version_affected": "=",
"version_value": "3.16.4cS"
},
{
"version_affected": "=",
"version_value": "3.16.4dS"
},
{
"version_affected": "=",
"version_value": "3.16.4eS"
},
{
"version_affected": "=",
"version_value": "3.16.6S"
},
{
"version_affected": "=",
"version_value": "3.16.5aS"
},
{
"version_affected": "=",
"version_value": "3.16.5bS"
},
{
"version_affected": "=",
"version_value": "3.16.7S"
},
{
"version_affected": "=",
"version_value": "3.16.6bS"
},
{
"version_affected": "=",
"version_value": "3.16.7aS"
},
{
"version_affected": "=",
"version_value": "3.16.7bS"
},
{
"version_affected": "=",
"version_value": "3.16.8S"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "3.17.2S"
},
{
"version_affected": "=",
"version_value": "3.17.1aS"
},
{
"version_affected": "=",
"version_value": "3.17.3S"
},
{
"version_affected": "=",
"version_value": "3.17.4S"
},
{
"version_affected": "=",
"version_value": "16.2.1"
},
{
"version_affected": "=",
"version_value": "16.2.2"
},
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.6"
},
{
"version_affected": "=",
"version_value": "16.3.7"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "16.5.3"
},
{
"version_affected": "=",
"version_value": "3.18.0aS"
},
{
"version_affected": "=",
"version_value": "3.18.1S"
},
{
"version_affected": "=",
"version_value": "3.18.0SP"
},
{
"version_affected": "=",
"version_value": "3.18.1SP"
},
{
"version_affected": "=",
"version_value": "3.18.1aSP"
},
{
"version_affected": "=",
"version_value": "3.18.2aSP"
},
{
"version_affected": "=",
"version_value": "3.18.3SP"
},
{
"version_affected": "=",
"version_value": "3.18.4SP"
},
{
"version_affected": "=",
"version_value": "3.18.3aSP"
},
{
"version_affected": "=",
"version_value": "3.18.3bSP"
},
{
"version_affected": "=",
"version_value": "3.18.5SP"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.6.4"
},
{
"version_affected": "=",
"version_value": "16.6.4s"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.7.1a"
},
{
"version_affected": "=",
"version_value": "16.7.1b"
},
{
"version_affected": "=",
"version_value": "16.7.2"
},
{
"version_affected": "=",
"version_value": "16.7.3"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.8.1d"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specific Q.931 information elements being present. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software ISDN Interface Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn"
},
{
"name": "107589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107589"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-isdn",
"defect": [
[
"CSCuz74957",
"CSCvk01977"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1752",
"datePublished": "2019-03-28T00:05:14.711711Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-09-17T01:16:09.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1757
Vulnerability from cvelistv5
Published
2019-03-28 00:20
Modified
2024-11-15 15:15
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/107617 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 3.6.4E Version: 3.6.5E Version: 3.6.6E Version: 3.6.5aE Version: 3.6.5bE Version: 3.6.7E Version: 3.6.8E Version: 3.6.7aE Version: 3.6.7bE Version: 3.7.4E Version: 3.7.5E Version: 3.16.1S Version: 3.16.1aS Version: 3.16.2S Version: 3.16.2aS Version: 3.16.3S Version: 3.16.2bS Version: 3.16.3aS Version: 3.16.4S Version: 3.16.4aS Version: 3.16.4bS Version: 3.16.4gS Version: 3.16.5S Version: 3.16.4cS Version: 3.16.4dS Version: 3.16.4eS Version: 3.16.6S Version: 3.16.5aS Version: 3.16.5bS Version: 3.16.7S Version: 3.16.6bS Version: 3.16.7aS Version: 3.16.7bS Version: 3.17.0S Version: 3.17.1S Version: 3.17.2S Version: 3.17.1aS Version: 3.17.3S Version: 3.17.4S Version: 16.2.1 Version: 16.2.2 Version: 3.8.2E Version: 3.8.3E Version: 3.8.4E Version: 3.8.5E Version: 3.8.5aE Version: 3.8.6E Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.5b Version: 16.3.6 Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1a Version: 16.5.1b Version: 16.5.2 Version: 16.5.3 Version: 3.18.0aS Version: 3.18.0S Version: 3.18.1S Version: 3.18.2S Version: 3.18.3S Version: 3.18.4S Version: 3.18.0SP Version: 3.18.1SP Version: 3.18.1aSP Version: 3.18.1gSP Version: 3.18.1bSP Version: 3.18.1cSP Version: 3.18.2SP Version: 3.18.1hSP Version: 3.18.2aSP Version: 3.18.1iSP Version: 3.18.3SP Version: 3.18.4SP Version: 3.18.3aSP Version: 3.18.3bSP Version: 3.9.0E Version: 3.9.1E Version: 3.9.2E Version: 3.9.2bE Version: 16.6.1 Version: 16.6.2 Version: 16.6.3 Version: 16.7.1 Version: 16.7.1a Version: 16.7.1b Version: 16.7.2 Version: 16.8.1 Version: 16.8.1a Version: 16.8.1b Version: 16.8.1s Version: 16.8.1c Version: 16.8.1d Version: 16.8.2 Version: 16.9.1b Version: 16.9.1s Version: 16.9.1c Version: 3.10.0E Version: 3.10.1E Version: 3.10.0cE Version: 3.10.1aE Version: 3.10.1sE |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert"
},
{
"name": "107617",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107617"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:14:56.593514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:15:52.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7aE"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.4gS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4cS"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.4eS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.5aS"
},
{
"status": "affected",
"version": "3.16.5bS"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.5b"
},
{
"status": "affected",
"version": "16.3.6"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "16.5.3"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1gSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.1hSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.1iSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "3.9.2bE"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.1c"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.1aE"
},
{
"status": "affected",
"version": "3.10.1sE"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T07:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert"
},
{
"name": "107617",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107617"
}
],
"source": {
"advisory": "cisco-sa-20190327-call-home-cert",
"defect": [
[
"CSCvg83741"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1757",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.6.4E"
},
{
"version_affected": "=",
"version_value": "3.6.5E"
},
{
"version_affected": "=",
"version_value": "3.6.6E"
},
{
"version_affected": "=",
"version_value": "3.6.5aE"
},
{
"version_affected": "=",
"version_value": "3.6.5bE"
},
{
"version_affected": "=",
"version_value": "3.6.7E"
},
{
"version_affected": "=",
"version_value": "3.6.8E"
},
{
"version_affected": "=",
"version_value": "3.6.7aE"
},
{
"version_affected": "=",
"version_value": "3.6.7bE"
},
{
"version_affected": "=",
"version_value": "3.7.4E"
},
{
"version_affected": "=",
"version_value": "3.7.5E"
},
{
"version_affected": "=",
"version_value": "3.16.1S"
},
{
"version_affected": "=",
"version_value": "3.16.1aS"
},
{
"version_affected": "=",
"version_value": "3.16.2S"
},
{
"version_affected": "=",
"version_value": "3.16.2aS"
},
{
"version_affected": "=",
"version_value": "3.16.3S"
},
{
"version_affected": "=",
"version_value": "3.16.2bS"
},
{
"version_affected": "=",
"version_value": "3.16.3aS"
},
{
"version_affected": "=",
"version_value": "3.16.4S"
},
{
"version_affected": "=",
"version_value": "3.16.4aS"
},
{
"version_affected": "=",
"version_value": "3.16.4bS"
},
{
"version_affected": "=",
"version_value": "3.16.4gS"
},
{
"version_affected": "=",
"version_value": "3.16.5S"
},
{
"version_affected": "=",
"version_value": "3.16.4cS"
},
{
"version_affected": "=",
"version_value": "3.16.4dS"
},
{
"version_affected": "=",
"version_value": "3.16.4eS"
},
{
"version_affected": "=",
"version_value": "3.16.6S"
},
{
"version_affected": "=",
"version_value": "3.16.5aS"
},
{
"version_affected": "=",
"version_value": "3.16.5bS"
},
{
"version_affected": "=",
"version_value": "3.16.7S"
},
{
"version_affected": "=",
"version_value": "3.16.6bS"
},
{
"version_affected": "=",
"version_value": "3.16.7aS"
},
{
"version_affected": "=",
"version_value": "3.16.7bS"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "3.17.2S"
},
{
"version_affected": "=",
"version_value": "3.17.1aS"
},
{
"version_affected": "=",
"version_value": "3.17.3S"
},
{
"version_affected": "=",
"version_value": "3.17.4S"
},
{
"version_affected": "=",
"version_value": "16.2.1"
},
{
"version_affected": "=",
"version_value": "16.2.2"
},
{
"version_affected": "=",
"version_value": "3.8.2E"
},
{
"version_affected": "=",
"version_value": "3.8.3E"
},
{
"version_affected": "=",
"version_value": "3.8.4E"
},
{
"version_affected": "=",
"version_value": "3.8.5E"
},
{
"version_affected": "=",
"version_value": "3.8.5aE"
},
{
"version_affected": "=",
"version_value": "3.8.6E"
},
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.5b"
},
{
"version_affected": "=",
"version_value": "16.3.6"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1a"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "16.5.3"
},
{
"version_affected": "=",
"version_value": "3.18.0aS"
},
{
"version_affected": "=",
"version_value": "3.18.0S"
},
{
"version_affected": "=",
"version_value": "3.18.1S"
},
{
"version_affected": "=",
"version_value": "3.18.2S"
},
{
"version_affected": "=",
"version_value": "3.18.3S"
},
{
"version_affected": "=",
"version_value": "3.18.4S"
},
{
"version_affected": "=",
"version_value": "3.18.0SP"
},
{
"version_affected": "=",
"version_value": "3.18.1SP"
},
{
"version_affected": "=",
"version_value": "3.18.1aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1gSP"
},
{
"version_affected": "=",
"version_value": "3.18.1bSP"
},
{
"version_affected": "=",
"version_value": "3.18.1cSP"
},
{
"version_affected": "=",
"version_value": "3.18.2SP"
},
{
"version_affected": "=",
"version_value": "3.18.1hSP"
},
{
"version_affected": "=",
"version_value": "3.18.2aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1iSP"
},
{
"version_affected": "=",
"version_value": "3.18.3SP"
},
{
"version_affected": "=",
"version_value": "3.18.4SP"
},
{
"version_affected": "=",
"version_value": "3.18.3aSP"
},
{
"version_affected": "=",
"version_value": "3.18.3bSP"
},
{
"version_affected": "=",
"version_value": "3.9.0E"
},
{
"version_affected": "=",
"version_value": "3.9.1E"
},
{
"version_affected": "=",
"version_value": "3.9.2E"
},
{
"version_affected": "=",
"version_value": "3.9.2bE"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "16.6.3"
},
{
"version_affected": "=",
"version_value": "16.7.1"
},
{
"version_affected": "=",
"version_value": "16.7.1a"
},
{
"version_affected": "=",
"version_value": "16.7.1b"
},
{
"version_affected": "=",
"version_value": "16.7.2"
},
{
"version_affected": "=",
"version_value": "16.8.1"
},
{
"version_affected": "=",
"version_value": "16.8.1a"
},
{
"version_affected": "=",
"version_value": "16.8.1b"
},
{
"version_affected": "=",
"version_value": "16.8.1s"
},
{
"version_affected": "=",
"version_value": "16.8.1c"
},
{
"version_affected": "=",
"version_value": "16.8.1d"
},
{
"version_affected": "=",
"version_value": "16.8.2"
},
{
"version_affected": "=",
"version_value": "16.9.1b"
},
{
"version_affected": "=",
"version_value": "16.9.1s"
},
{
"version_affected": "=",
"version_value": "16.9.1c"
},
{
"version_affected": "=",
"version_value": "3.10.0E"
},
{
"version_affected": "=",
"version_value": "3.10.1E"
},
{
"version_affected": "=",
"version_value": "3.10.0cE"
},
{
"version_affected": "=",
"version_value": "3.10.1aE"
},
{
"version_affected": "=",
"version_value": "3.10.1sE"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software."
}
]
},
"exploit": [
{
"lang": "en",
"value": ""
}
],
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert"
},
{
"name": "107617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107617"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-call-home-cert",
"defect": [
[
"CSCvg83741"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1757",
"datePublished": "2019-03-28T00:20:21.311211Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-15T15:15:52.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0197
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-11-26 14:46
Severity ?
EPSS score ?
Summary
A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/105424 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS and IOS XE Software |
Version: 15.2(2)E6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:14:16.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180926 Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp"
},
{
"name": "105424",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105424"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:48:42.498649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:46:22.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "15.2(2)E6"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-24T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20180926 Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp"
},
{
"name": "105424",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105424"
}
],
"source": {
"advisory": "cisco-sa-20180926-vtp",
"defect": [
[
"CSCvd37163"
]
],
"discovery": "EXTERNAL"
},
"title": "Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID": "CVE-2018-0197",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_value": "15.2(2)E6"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180926 Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-vtp"
},
{
"name": "105424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105424"
}
]
},
"source": {
"advisory": "cisco-sa-20180926-vtp",
"defect": [
[
"CSCvd37163"
]
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0197",
"datePublished": "2018-10-05T14:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-26T14:46:22.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}