Lucene search

[email protected]NVD:CVE-2019-1755

HistoryMar 28, 2019 - 1:29 a.m.

CVE-2019-1755

2019-03-2801:29:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

53.5%

JSON

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device.

Affected configurations

Nvd

Node

ciscoios_xeMatch3.2.0ja

ciscoios_xeMatch3.6.10e

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.3.1

ciscoios_xeMatch16.3.1a

ciscoios_xeMatch16.3.2

ciscoios_xeMatch16.3.3

ciscoios_xeMatch16.3.4

ciscoios_xeMatch16.3.5

ciscoios_xeMatch16.3.5b

ciscoios_xeMatch16.3.6

ciscoios_xeMatch16.3.7

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.4.1

ciscoios_xeMatch16.4.2

ciscoios_xeMatch16.4.3

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.5.1a

ciscoios_xeMatch16.5.1b

ciscoios_xeMatch16.5.2

ciscoios_xeMatch16.5.3

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.6.2

ciscoios_xeMatch16.6.3

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.7.1a

ciscoios_xeMatch16.7.1b

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1d

ciscoios_xeMatch16.8.1e

ciscoios_xeMatch16.8.1s

VendorProductVersionCPE
ciscoios_xe3.2.0jacpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:*
ciscoios_xe3.6.10ecpe:2.3:o:cisco:ios_xe:3.6.10e:*:*:*:*:*:*:*
ciscoios_xe16.1.1cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*
ciscoios_xe16.1.2cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*
ciscoios_xe16.1.3cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*
ciscoios_xe16.2.1cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
ciscoios_xe16.2.2cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*
ciscoios_xe16.3.1cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*
ciscoios_xe16.3.1acpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*
ciscoios_xe16.3.2cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.2.0ja	cpe:2.3:o:cisco:ios_xe:3.2.0ja:::::::*
cisco	ios_xe	3.6.10e	cpe:2.3:o:cisco:ios_xe:3.6.10e:::::::*
cisco	ios_xe	16.1.1	cpe:2.3:o:cisco:ios_xe:16.1.1:::::::*
cisco	ios_xe	16.1.2	cpe:2.3:o:cisco:ios_xe:16.1.2:::::::*
cisco	ios_xe	16.1.3	cpe:2.3:o:cisco:ios_xe:16.1.3:::::::*
cisco	ios_xe	16.2.1	cpe:2.3:o:cisco:ios_xe:16.2.1:::::::*
cisco	ios_xe	16.2.2	cpe:2.3:o:cisco:ios_xe:16.2.2:::::::*
cisco	ios_xe	16.3.1	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*
cisco	ios_xe	16.3.1a	cpe:2.3:o:cisco:ios_xe:16.3.1a:::::::*
cisco	ios_xe	16.3.2	cpe:2.3:o:cisco:ios_xe:16.3.2:::::::*

Rows per page:

1-10 of 381

References

www.securityfocus.com/bid/107380

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

53.5%

JSON

Related for NVD:CVE-2019-1755

nessus1 cve1 cvelist1 prion1 cisco1 threatpost1