Lucene search

[email protected]NVD:CVE-2019-1904

HistoryJun 21, 2019 - 3:15 a.m.

CVE-2019-1904

2019-06-2103:15:09

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

59.8%

JSON

A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software with the HTTP Server feature enabled. The default state of the HTTP Server feature is version dependent.

Affected configurations

Nvd

Node

cisco4321_integrated_services_routerMatch-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

cisco4331_integrated_services_routerMatch-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

ciscoasr_1002-xMatch-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

cisco4431_integrated_services_routerMatch-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

ciscocloud_services_router_1000vMatch-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

ciscoasr_1000_series_route_processor_\(rp2\)Match-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

cisco4351_integrated_services_routerMatch-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

cisco4451-x_integrated_services_routerMatch-

AND

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

Node

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

AND

ciscoasr_1002-hxMatch-

Node

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.3.1

AND

ciscoasr_1001-xMatch-

VendorProductVersionCPE
cisco4321_integrated_services_router-cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*
ciscoios_xe16.1.3cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*
ciscoios_xe16.2.1cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
ciscoios_xe16.3.1cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*
cisco4331_integrated_services_router-cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
ciscoasr_1002-x-cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*
cisco4431_integrated_services_router-cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
ciscocloud_services_router_1000v-cpe:2.3:h:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*
ciscoasr_1000_series_route_processor_\(rp2\)-cpe:2.3:h:cisco:asr_1000_series_route_processor_\(rp2\):-:*:*:*:*:*:*:*
cisco4351_integrated_services_router-cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	4321_integrated_services_router	-	cpe:2.3:h:cisco:4321_integrated_services_router:-:::::::*
cisco	ios_xe	16.1.3	cpe:2.3:o:cisco:ios_xe:16.1.3:::::::*
cisco	ios_xe	16.2.1	cpe:2.3:o:cisco:ios_xe:16.2.1:::::::*
cisco	ios_xe	16.3.1	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*
cisco	4331_integrated_services_router	-	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
cisco	asr_1002-x	-	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
cisco	4431_integrated_services_router	-	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
cisco	cloud_services_router_1000v	-	cpe:2.3:h:cisco:cloud_services_router_1000v:-:::::::*
cisco	asr_1000_series_route_processor_\(rp2\)	-	cpe:2.3:h:cisco:asr_1000_series_route_processor_\(rp2\):-:::::::*
cisco	4351_integrated_services_router	-	cpe:2.3:h:cisco:4351_integrated_services_router:-:::::::*

Rows per page:

1-10 of 131

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

59.8%

JSON

Related for NVD:CVE-2019-1904

cvelist1 cve1 prion1 nessus1 cisco1 threatpost1