The vulnerability in the web interface of the Cisco IOS XE operating system allows a hacker to execute arbitrary commands with root privileges.

🗓️ 18 Jun 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Cisco IOS XE Web UI has input validation flaws allowing root-level command execution.

Reporter	Title	Published	Views	Family All 15
Tenable Nessus	Cisco IOS XE Router Command Injection (cisco-sa-20190513-webui)	14 May 201900:00	–	nessus
Tenable Nessus	Cisco IOS XE Software Web UI Command Injection Vulnerability	14 May 201900:00	–	nessus
Circl	CVE-2019-1862	14 May 201911:42	–	circl
Cisco	Cisco IOS XE Software Web UI Command Injection Vulnerability	13 May 201917:30	–	cisco
CVE	CVE-2019-1862	13 May 201919:15	–	cve
Cvelist	CVE-2019-1862 Cisco IOS XE Software Web UI Command Injection Vulnerability	13 May 201919:15	–	cvelist
EUVD	EUVD-2019-10419	7 Oct 202500:30	–	euvd
NVD	CVE-2019-1862	13 May 201920:29	–	nvd
OSV	CVE-2019-1862	13 May 201920:29	–	osv
Prion	Input validation	13 May 201920:29	–	prion

Vulners

Node

cisco_systems cisco_ios_xeMatch16.5.1

OR

cisco_systems cisco_ios_xeMatch3.2.0ja

OR

cisco_systems cisco_ios_xeMatch16.3.1a

OR

cisco_systems cisco_ios_xeMatch16.5.1a

OR

cisco_systems cisco_ios_xeMatch16.2.1

OR

cisco_systems cisco_ios_xeMatch16.2.2

OR

cisco_systems cisco_ios_xeMatch16.3.1

OR

cisco_systems cisco_ios_xeMatch16.3.2

OR

cisco_systems cisco_ios_xeMatch16.3.3

OR

cisco_systems cisco_ios_xeMatch16.3.4

OR

cisco_systems cisco_ios_xeMatch16.3.5

OR

cisco_systems cisco_ios_xeMatch16.3.5b

OR

cisco_systems cisco_ios_xeMatch16.4.1

OR

cisco_systems cisco_ios_xeMatch16.6.1

OR

cisco_systems cisco_ios_xeMatch16.6.4

OR

cisco_systems cisco_ios_xeMatch16.7.1b

OR

cisco_systems cisco_ios_xeMatch16.4.3

OR

cisco_systems cisco_ios_xeMatch16.7.2

OR

cisco_systems cisco_ios_xeMatch16.3.6

OR

cisco_systems cisco_ios_xeMatch16.4.2

OR

cisco_systems cisco_ios_xeMatch16.5.1b

OR

cisco_systems cisco_ios_xeMatch16.5.2

OR

cisco_systems cisco_ios_xeMatch16.5.3

OR

cisco_systems cisco_ios_xeMatch16.6.2

OR

cisco_systems cisco_ios_xeMatch16.6.3

OR

cisco_systems cisco_ios_xeMatch16.7.1

OR

cisco_systems cisco_ios_xeMatch16.7.1a

OR

cisco_systems cisco_ios_xeMatch16.8.1

OR

cisco_systems cisco_ios_xeMatch16.8.1s

OR

cisco_systems cisco_ios_xeMatch16.9.1b

OR

cisco_systems cisco_ios_xeMatch16.3.7

OR

cisco_systems cisco_ios_xeMatch16.6.4s

OR

cisco_systems cisco_ios_xeMatch16.6.4a

OR

cisco_systems cisco_ios_xeMatch16.8.1b

OR

cisco_systems cisco_ios_xeMatch16.8.1a

OR

cisco_systems cisco_ios_xeMatch16.8.1c

OR

cisco_systems cisco_ios_xeMatch16.8.1d

OR

cisco_systems cisco_ios_xeMatch16.8.2

OR

cisco_systems cisco_ios_xeMatch16.8.1e

OR

cisco_systems cisco_ios_xeMatch16.9.1

OR

cisco_systems cisco_ios_xeMatch16.9.2

OR

cisco_systems cisco_ios_xeMatch16.9.1a

OR

cisco_systems cisco_ios_xeMatch16.9.1s

OR

cisco_systems cisco_ios_xeMatch16.9.1c

OR

cisco_systems cisco_ios_xeMatch16.9.1d

OR

cisco_systems cisco_ios_xeMatch16.9.2a

OR

cisco_systems cisco_ios_xeMatch16.7.3

OR

cisco_systems cisco_ios_xeMatch16.9.2h

OR

cisco_systems cisco_ios_xeMatch3.2.11asg

OR

cisco_systems cisco_ios_xeMatch16.8.3

OR

cisco_systems cisco_ios_xeMatch16.9.2s

OR

cisco_systems cisco_ios_xeMatch16.9.3h

Source	Link
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 37.2

CVSS 28.3

EPSS0.00522

Cisco IOS XE Web interface input validation root privileges command execution Linux shell