CVE-2019-12649

Published: Sep 25, 2019Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

Affected (2)

Products: Cisco: Ios Xe, Ios

Cisco

2 products

Ios Xe

Ios

Configuration A

1 vulnerable · 85 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 16.8(1)

Running on/with	Platform Versions
Cisco Catalyst 3850 12s E	All versions
Cisco Catalyst 3850 12s S	All versions
Cisco Catalyst 3850 12xs E	All versions
Cisco Catalyst 3850 12xs S	All versions
Cisco Catalyst 3850 16xs E	All versions
Cisco Catalyst 3850 16xs S	All versions
Cisco Catalyst 3850 24p E	All versions
Cisco Catalyst 3850 24p L	All versions
Cisco Catalyst 3850 24p S	All versions
Cisco Catalyst 3850 24pw S	All versions
Cisco Catalyst 3850 24s E	All versions
Cisco Catalyst 3850 24s S	All versions
Cisco Catalyst 3850 24t E	All versions
Cisco Catalyst 3850 24t L	All versions
Cisco Catalyst 3850 24t S	All versions
Cisco Catalyst 3850 24u E	All versions
Cisco Catalyst 3850 24u L	All versions
Cisco Catalyst 3850 24u S	All versions
Cisco Catalyst 3850 24xs E	All versions
Cisco Catalyst 3850 24xs S	All versions
Cisco Catalyst 3850 24xu E	All versions
Cisco Catalyst 3850 24xu L	All versions
Cisco Catalyst 3850 24xu S	All versions
Cisco Catalyst 3850 32xs E	All versions
Cisco Catalyst 3850 32xs S	All versions
Cisco Catalyst 3850 48f E	All versions
Cisco Catalyst 3850 48f L	All versions
Cisco Catalyst 3850 48f S	All versions
Cisco Catalyst 3850 48p E	All versions
Cisco Catalyst 3850 48p L	All versions
Cisco Catalyst 3850 48p S	All versions
Cisco Catalyst 3850 48pw S	All versions
Cisco Catalyst 3850 48t E	All versions
Cisco Catalyst 3850 48t L	All versions
Cisco Catalyst 3850 48t S	All versions
Cisco Catalyst 3850 48u E	All versions
Cisco Catalyst 3850 48u L	All versions
Cisco Catalyst 3850 48u S	All versions
Cisco Catalyst 3850 48xs E	All versions
Cisco Catalyst 3850 48xs F E	All versions
Cisco Catalyst 3850 48xs F S	All versions
Cisco Catalyst 3850 48xs S	All versions
Cisco Catalyst 9300	All versions
Cisco Catalyst 9300 24p A	All versions
Cisco Catalyst 9300 24p E	All versions
Cisco Catalyst 9300 24s A	All versions
Cisco Catalyst 9300 24s E	All versions
Cisco Catalyst 9300 24t A	All versions
Cisco Catalyst 9300 24t E	All versions
Cisco Catalyst 9300 24u A	All versions
Cisco Catalyst 9300 24u E	All versions
Cisco Catalyst 9300 24ux A	All versions
Cisco Catalyst 9300 24ux E	All versions
Cisco Catalyst 9300 48p A	All versions
Cisco Catalyst 9300 48p E	All versions
Cisco Catalyst 9300 48s A	All versions
Cisco Catalyst 9300 48s E	All versions
Cisco Catalyst 9300 48t A	All versions
Cisco Catalyst 9300 48t E	All versions
Cisco Catalyst 9300 48u A	All versions
Cisco Catalyst 9300 48u E	All versions
Cisco Catalyst 9300 48un A	All versions
Cisco Catalyst 9300 48un E	All versions
Cisco Catalyst 9300 48uxm A	All versions
Cisco Catalyst 9300 48uxm E	All versions
Cisco Catalyst 9300l	All versions
Cisco Catalyst 9300l 24p 4g A	All versions
Cisco Catalyst 9300l 24p 4g E	All versions
Cisco Catalyst 9300l 24p 4x A	All versions
Cisco Catalyst 9300l 24p 4x E	All versions
Cisco Catalyst 9300l 24t 4g A	All versions
Cisco Catalyst 9300l 24t 4g E	All versions
Cisco Catalyst 9300l 24t 4x A	All versions
Cisco Catalyst 9300l 24t 4x E	All versions
Cisco Catalyst 9300l 48p 4g A	All versions
Cisco Catalyst 9300l 48p 4g E	All versions
Cisco Catalyst 9300l 48p 4x A	All versions
Cisco Catalyst 9300l 48p 4x E	All versions
Cisco Catalyst 9300l 48t 4g A	All versions
Cisco Catalyst 9300l 48t 4g E	All versions
Cisco Catalyst 9300l 48t 4x A	All versions
Cisco Catalyst 9300l 48t 4x E	All versions
Cisco Catalyst C3850 12x48u E	All versions
Cisco Catalyst C3850 12x48u L	All versions
Cisco Catalyst C3850 12x48u S	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios	Version 16.9.1

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.