FKIE_CVE-2019-1755

Vulnerability from fkie_nvd - Published: 2019-03-28 01:29 - Updated: 2024-11-21 04:37
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device.
References
psirt@cisco.comhttp://www.securityfocus.com/bid/107380Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinjPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107380Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinjPatch, Vendor Advisory
Impacted products
Vendor Product Version
cisco ios_xe 3.2.0ja
cisco ios_xe 3.6.10e
cisco ios_xe 16.1.1
cisco ios_xe 16.1.2
cisco ios_xe 16.1.3
cisco ios_xe 16.2.1
cisco ios_xe 16.2.2
cisco ios_xe 16.3.1
cisco ios_xe 16.3.1a
cisco ios_xe 16.3.2
cisco ios_xe 16.3.3
cisco ios_xe 16.3.4
cisco ios_xe 16.3.5
cisco ios_xe 16.3.5b
cisco ios_xe 16.3.6
cisco ios_xe 16.3.7
cisco ios_xe 16.3.8
cisco ios_xe 16.4.1
cisco ios_xe 16.4.2
cisco ios_xe 16.4.3
cisco ios_xe 16.5.1
cisco ios_xe 16.5.1a
cisco ios_xe 16.5.1b
cisco ios_xe 16.5.2
cisco ios_xe 16.5.3
cisco ios_xe 16.6.1
cisco ios_xe 16.6.2
cisco ios_xe 16.6.3
cisco ios_xe 16.7.1
cisco ios_xe 16.7.1a
cisco ios_xe 16.7.1b
cisco ios_xe 16.8.1
cisco ios_xe 16.8.1a
cisco ios_xe 16.8.1b
cisco ios_xe 16.8.1c
cisco ios_xe 16.8.1d
cisco ios_xe 16.8.1e
cisco ios_xe 16.8.1s
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BC2A87-31EC-4E15-86E3-ECBEFA9E479A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.6.10e:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92991EE-BB4A-499D-8F14-F7D0E32BE31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ED5527C-A638-4E20-9928-099E32E17743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A685A9A-235D-4D74-9D6C-AC49E75709CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43052998-0A27-4E83-A884-A94701A3F4CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89526731-B712-43D3-B451-D7FC503D2D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "302933FE-4B6A-48A3-97F0-4B943251B717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "296636F1-9242-429B-8472-90352C056106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8120196-8648-49D0-8262-CD4C9C90C37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E7CCE2-C685-4019-9B55-B3BECB3E5F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0699DD6E-BA74-4814-93AB-300329C9D032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2E2D781-2684-45F1-AC52-636572A0DCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "479FB47B-AF2E-4FCB-8DE0-400BF325666C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2B4C78-5C31-4F3D-9639-305E15576E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E8AF15-AB46-4EAB-8872-8C55E8601599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "957318BE-55D4-4585-AA52-C813301D01C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F11B703-8A0F-47ED-AA70-951FF78B94A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE7B2557-821D-4E05-B5C3-67192573D97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EE6EC32-51E4-43A3-BFB9-A0D842D08E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "187F699A-AF2F-42B0-B855-27413140C384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E0B905E-4D92-4FD6-B2FF-41FF1F59A948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62EDEC28-661E-42EF-88F0-F62D0220D2E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F821EBD7-91E2-4460-BFAF-18482CF6CB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36D2D24-8F63-46DE-AC5F-8DE33332EBC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B825E6-5929-4890-BDBA-4CF4BD2314C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "623BF701-ADC9-4F24-93C5-043A6A7FEF5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5311FBE-12BF-41AC-B8C6-D86007834863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "52FB055E-72F9-4CB7-A51D-BF096BD1A55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D4F634-03D5-4D9F-901C-7E9CE45F2F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4463A1D1-E169-4F0B-91B2-FA126BB444CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDD58C58-1B0C-4A71-8C02-F555CEF9C253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "96852D16-AF50-4C70-B125-D2349E6765D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A15B882A-BA60-4932-A55E-F4A798B30EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9C585C-A6EC-4385-B915-046C110BF95F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n WSMA (Web Services Management Agent) del software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios de Cisco IOS como usuario con nivel 15 de privilegios. La vulnerabilidad ocurre debido a que el software afectado sanea incorrectamente las entradas proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones HTTP manipuladas a la aplicaci\u00f3n objetivo. Un exploit con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios en el dispositivo afectado."
    }
  ],
  "id": "CVE-2019-1755",
  "lastModified": "2024-11-21T04:37:17.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-28T01:29:00.330",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107380"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.