Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2019-1862 | First vendor Publication | 2019-05-13 |
Vendor | Cve | Last vendor Modification | 2019-05-15 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.2 | ||
Base Score | 7.2 | Environmental Score | 7.2 |
Impact SubScore | 5.9 | Temporal Score | 7.2 |
Exploitability Sub Score | 1.2 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | High | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1862 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco IOS XE Web UI command injection attempt RuleID : 50118 - Revision : 2 - Type : SERVER-WEBAPP |
2020-12-05 | Cisco IOS XE Web UI command injection attempt RuleID : 50117 - Revision : 2 - Type : SERVER-WEBAPP |
Sources (Detail)
Source | Url |
---|---|
BID | http://www.securityfocus.com/bid/108331 |
CERT-VN | https://www.kb.cert.org/vuls/id/400865 |
CISCO | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... |
Alert History
Date | Information |
---|---|
2021-05-04 13:29:06 | |
2021-04-22 02:43:15 | |
2020-12-05 21:23:47 | |
2020-05-23 02:27:07 | |
2019-05-15 21:19:36 | |
2019-05-15 05:19:15 | |
2019-05-14 21:19:30 | |
2019-05-14 05:18:19 | |