CVSS: 4.4EPSS: 0%CPEs: 59EXPL: 0CVE-2019-1762 – Cisco IOS and IOS XE Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1762
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information. Una vulnerabilidad en la funcionalidad de almacenamiento seguro de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante local no autenticado acceda a información sensible del sistema en un dispositivo afectado. • http://www.securityfocus.com/bid/107594 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 45EXPL: 1CVE-2019-1759 – Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1759
A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface. Una vulnerabilidad en la funcionalidad de listas de control de acceso (ACL) de la interfaz Gigabit Ethernet Management del software Cisco IOS XE podría permitir que un atacante remoto no autenticado alcance las direcciones IP configuradas de la interfaz Gigabit Ethernet Management. La vulnerabilidad se debe a un error de lógica que se introdujo en la versión 16.1.1 del software Cisco IOS XE, que evita que la ACL trabaje cuando se aplica contra la interfaz de gestión. • https://github.com/r3m0t3nu11/CVE-2019-1759-csrf-js-rce http://www.securityfocus.com/bid/107660 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-mgmtacl • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 41EXPL: 0CVE-2019-1760 – Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1760
A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. Una vulnerabilidad en Performance Routing Version 3 (PfRv3) del software Cisco IOS XE podría permitir que un atacante remoto no autenticado provoque que el dispositivo afectado se recargue. • http://www.securityfocus.com/bid/107611 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pfrv3 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1762EXPL: 0CVE-2019-1761 – Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2019-1761
A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. Una vulnerabilidad en el subsistema Hot Standby Router Protocol (HSRP) de los softwares Cisco IOS y IOS XE podría permitir que un atacante adyacente sin autenticar reciba información potencialmente sensible desde un dispositivo afectado. • http://www.securityfocus.com/bid/107620 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-ios-infoleak • CWE-665: Improper Initialization •
CVSS: 5.9EPSS: 0%CPEs: 239EXPL: 0CVE-2019-1757 – Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1757
A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Una vulnerabilidad en la funcionalidad Cisco Smart Call Home de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante remoto no autenticado obtenga acceso de lectura no autorizado a datos sensibles mediante un certificado inválido. • http://www.securityfocus.com/bid/107617 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert • CWE-295: Improper Certificate Validation •