CVSS: 7.2EPSS: 0%CPEs: 211EXPL: 0CVE-2019-1649 – Cisco Secure Boot Hardware Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-1649
13 May 2019 — A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot har... • http://www.securityfocus.com/bid/108350 • CWE-284: Improper Access Control CWE-667: Improper Locking •
CVSS: 4.4EPSS: 0%CPEs: 59EXPL: 0CVE-2019-1762 – Cisco IOS and IOS XE Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1762
28 Mar 2019 — A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying m... • http://www.securityfocus.com/bid/107594 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 45EXPL: 1CVE-2019-1759 – Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1759
28 Mar 2019 — A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access t... • https://github.com/r3m0t3nu11/CVE-2019-1759-csrf-js-rce • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 41EXPL: 0CVE-2019-1760 – Cisco IOS XE Software Performance Routing Version 3 Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1760
28 Mar 2019 — A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affected device. A successful exploit could allow the attacker to reload the device, resulting in a denial of service (DoS) attack on an affected system. Una vulner... • http://www.securityfocus.com/bid/107611 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1762EXPL: 0CVE-2019-1761 – Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2019-1761
28 Mar 2019 — A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insufficient memory initialization. An attacker could exploit this vulnerability by receiving HSRPv2 traffic from an adjacent HSRP member. A successful exploit could allow the attacker to receive potentially sensitive information from the adjacent device. Una vul... • http://www.securityfocus.com/bid/107620 • CWE-665: Improper Initialization •
CVSS: 5.9EPSS: 0%CPEs: 239EXPL: 0CVE-2019-1757 – Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1757
28 Mar 2019 — A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidenti... • http://www.securityfocus.com/bid/107617 • CWE-295: Improper Certificate Validation •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-1754 – Cisco IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1754
28 Mar 2019 — A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher pri... • http://www.securityfocus.com/bid/107590 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 38EXPL: 0CVE-2019-1755 – Cisco IOS XE Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1755
28 Mar 2019 — A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected dev... • http://www.securityfocus.com/bid/107380 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2019-1756 – Cisco IOS XE Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-1756
28 Mar 2019 — A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web U... • http://www.securityfocus.com/bid/107598 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 15EXPL: 0CVE-2019-1753 – Cisco IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1753
28 Mar 2019 — A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands w... • http://www.securityfocus.com/bid/107602 • CWE-20: Improper Input Validation •