Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-1681
HistoryFeb 21, 2019 - 8:29 p.m.

CVE-2019-1681

2019-02-2120:29:00
CWE-200
CWE-22
[email protected]
web.nvd.nist.gov
49
cve-2019-1681
cisco
network convergence system
tftp
vulnerability
information disclosure
directory traversal
cisco ios xr software
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled.

Affected configurations

NVD
Node
ciscoios_xrRange<6.5.2
CPENameOperatorVersion
cisco:ios_xrcisco ios xrlt6.5.2

CNA Affected

[
  {
    "product": "Cisco Network Convergence System 1000 Series ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.5.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cisco 1
nvd 1
cvelist 1
prion
prion
Information disclosure
2019-02-21 20:29:00
cisco
cisco
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability
2019-02-20 16:00:00
nvd
nvd
CVE-2019-1681
2019-02-21 20:29:00
cvelist
cvelist
CVE-2019-1681 Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability
2019-02-20 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON
Related for CVE-2019-1681
prion1cisco1nvd1cvelist1