Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-1862
HistoryMay 13, 2019 - 8:29 p.m.

CVE-2019-1862

2019-05-1320:29:00
CWE-20
[email protected]
web.nvd.nist.gov
67
cve
cisco
ios
xe
software
web
ui
vulnerability
remote
code
execution
nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.6%

JSON

A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise.

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq16.3.7

Related

prion 1
nessus 1
cisco 1
cvelist 1
thn 1
cert 1
threatpost 1
prion
prion
Input validation
2019-05-13 20:29:00
nessus
nessus
Cisco IOS XE Software Web UI Command Injection Vulnerability
2019-05-14 00:00:00
cisco
cisco
Cisco IOS XE Software Web UI Command Injection Vulnerability
2019-05-13 17:30:00
cvelist
cvelist
CVE-2019-1862 Cisco IOS XE Software Web UI Command Injection Vulnerability
2019-05-13 00:00:00
thn
thn
Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor
2019-05-14 08:54:00
cert
cert
Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input
2019-05-14 00:00:00
threatpost
threatpost
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
2019-05-13 22:17:55

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.6%

JSON
Related for CVE-2019-1862
prion1nessus1cisco1cvelist1thn1cert1threatpost1