CVSS: 5.3EPSS: 0%CPEs: 45EXPL: 1CVE-2019-1759 – Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1759
A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface. Una vulnerabilidad en la funcionalidad de listas de control de acceso (ACL) de la interfaz Gigabit Ethernet Management del software Cisco IOS XE podría permitir que un atacante remoto no autenticado alcance las direcciones IP configuradas de la interfaz Gigabit Ethernet Management. La vulnerabilidad se debe a un error de lógica que se introdujo en la versión 16.1.1 del software Cisco IOS XE, que evita que la ACL trabaje cuando se aplica contra la interfaz de gestión. • https://github.com/r3m0t3nu11/CVE-2019-1759-csrf-js-rce http://www.securityfocus.com/bid/107660 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-mgmtacl • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 41EXPL: 0CVE-2019-1760 – Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1760
A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. Una vulnerabilidad en Performance Routing Version 3 (PfRv3) del software Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107611 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1762EXPL: 0CVE-2019-1761 – Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2019-1761
A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. Una vulnerabilidad en el subsistema Hot Standby Router Protocol (HSRP) de los softwares Cisco IOS y IOS XE podría permitir que un atacante adyacente sin autenticar reciba información potencialmente sensible desde un dispositivo afectado. • http://www.securityfocus.com/bid/107620 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak • CWE-665: Improper Initialization •
CVSS: 5.9EPSS: 0%CPEs: 239EXPL: 0CVE-2019-1757 – Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1757
A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Una vulnerabilidad en la funcionalidad Cisco Smart Call Home de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado obtenga acceso de lectura no autorizado a datos sensibles mediante un certificado inválido. • http://www.securityfocus.com/bid/107617 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert • CWE-295: Improper Certificate Validation •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-1754 – Cisco IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1754
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Una vulnerabilidad en el subsistema de autorización del software Cisco IOS XE podría permitir que un atacante remoto autenticado sin privilegios (nivel 1) ejecute comandos Cisco IOS privilegiados mediante el uso de la interfaz web. • http://www.securityfocus.com/bid/107590 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •