CVE-2019-15998

Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.

Una vulnerabilidad en la lógica de control de acceso de NETCONF sobre Secure Shell (SSH) del Software Cisco IOS XR, puede permitir conexiones a pesar de una lista de control de acceso (ACL) configurada para denegar el acceso a NETCONF sobre SSH de un dispositivo afectado. La vulnerabilidad es debido a una falta de comprobación en la lista de control de acceso (ACL) de NETCONF sobre SSH. Un atacante podría explotar esta vulnerabilidad al conectarse en un dispositivo afectado usando NETCONF sobre SSH. Una explotación con éxito podría permitir al atacante conectar con el dispositivo en el puerto NETCONF. Unas credenciales válidas son requeridas para acceder al dispositivo. Esta vulnerabilidad no afecta las conexiones al proceso SSH predeterminado en el dispositivo.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-09-06 CVE Reserved
2019-11-26 CVE Published
2023-03-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control
CWE-862: Missing Authorization

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-iosxr-ssh-bypass	2020-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.1 Search vendor "Cisco" for product "Ios Xr" and version "6.5.1"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9001 Search vendor "Cisco" for product "Asr 9001"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.1 Search vendor "Cisco" for product "Ios Xr" and version "6.5.1"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9006 Search vendor "Cisco" for product "Asr 9006"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.1 Search vendor "Cisco" for product "Ios Xr" and version "6.5.1"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9010 Search vendor "Cisco" for product "Asr 9010"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.1 Search vendor "Cisco" for product "Ios Xr" and version "6.5.1"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9901 Search vendor "Cisco" for product "Asr 9901"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.1 Search vendor "Cisco" for product "Ios Xr" and version "6.5.1"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9904 Search vendor "Cisco" for product "Asr 9904"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.1 Search vendor "Cisco" for product "Ios Xr" and version "6.5.1"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9912 Search vendor "Cisco" for product "Asr 9912"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.1 Search vendor "Cisco" for product "Ios Xr" and version "6.5.1"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9922 Search vendor "Cisco" for product "Asr 9922"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.2 Search vendor "Cisco" for product "Ios Xr" and version "6.5.2"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9001 Search vendor "Cisco" for product "Asr 9001"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.2 Search vendor "Cisco" for product "Ios Xr" and version "6.5.2"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9006 Search vendor "Cisco" for product "Asr 9006"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.2 Search vendor "Cisco" for product "Ios Xr" and version "6.5.2"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9010 Search vendor "Cisco" for product "Asr 9010"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.2 Search vendor "Cisco" for product "Ios Xr" and version "6.5.2"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9901 Search vendor "Cisco" for product "Asr 9901"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.2 Search vendor "Cisco" for product "Ios Xr" and version "6.5.2"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9904 Search vendor "Cisco" for product "Asr 9904"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.2 Search vendor "Cisco" for product "Ios Xr" and version "6.5.2"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9912 Search vendor "Cisco" for product "Asr 9912"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.2 Search vendor "Cisco" for product "Ios Xr" and version "6.5.2"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9922 Search vendor "Cisco" for product "Asr 9922"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.3 Search vendor "Cisco" for product "Ios Xr" and version "6.5.3"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9001 Search vendor "Cisco" for product "Asr 9001"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.3 Search vendor "Cisco" for product "Ios Xr" and version "6.5.3"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9006 Search vendor "Cisco" for product "Asr 9006"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.3 Search vendor "Cisco" for product "Ios Xr" and version "6.5.3"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9010 Search vendor "Cisco" for product "Asr 9010"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.3 Search vendor "Cisco" for product "Ios Xr" and version "6.5.3"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9901 Search vendor "Cisco" for product "Asr 9901"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.3 Search vendor "Cisco" for product "Ios Xr" and version "6.5.3"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9904 Search vendor "Cisco" for product "Asr 9904"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.3 Search vendor "Cisco" for product "Ios Xr" and version "6.5.3"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9912 Search vendor "Cisco" for product "Asr 9912"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	6.5.3 Search vendor "Cisco" for product "Ios Xr" and version "6.5.3"	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9922 Search vendor "Cisco" for product "Asr 9922"	-	-	Safe