← Back

CVE-2019-1759

nvd nist
Published: Mar 28, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface.

Affected (45)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
45 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Version 16.2.1
Ios Xe
Version 16.2.2
Ios Xe
Version 16.3.1
Ios Xe
Version 16.3.1a
Ios Xe
Version 16.3.2
Ios Xe
Version 16.3.3
Ios Xe
Version 16.3.4
Ios Xe
Version 16.3.5
Ios Xe
Version 16.3.5b
Ios Xe
Version 16.3.6
Ios Xe
Version 16.3.7
Ios Xe
Version 16.4.1
Ios Xe
Version 16.4.2
Ios Xe
Version 16.4.3
Ios Xe
Version 16.5.1
Ios Xe
Version 16.5.1a
Ios Xe
Version 16.5.1b
Ios Xe
Version 16.5.2
Ios Xe
Version 16.5.3
Ios Xe
Version 16.6.1
Ios Xe
Version 16.6.2
Ios Xe
Version 16.6.3
Ios Xe
Version 16.6.4
Ios Xe
Version 16.6.4a
Ios Xe
Version 16.6.4s
Ios Xe
Version 16.7.1
Ios Xe
Version 16.7.1a
Ios Xe
Version 16.7.1b
Ios Xe
Version 16.7.2
Ios Xe
Version 16.8.1
Ios Xe
Version 16.8.1a
Ios Xe
Version 16.8.1b
Ios Xe
Version 16.8.1c
Ios Xe
Version 16.8.1d
Ios Xe
Version 16.8.1e
Ios Xe
Version 16.8.1s
Ios Xe
Version 16.8.2
Ios Xe
Version 16.9.1
Ios Xe
Version 16.9.1a
Ios Xe
Version 16.9.1b
Ios Xe
Version 16.9.1c
Ios Xe
Version 16.9.1d
Ios Xe
Version 16.9.1s
Ios Xe
Version 16.9.2
Ios Xe
Version 3.2.0ja

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.