// For flags

CVE-2019-1742

Cisco IOS XE Software Information Disclosure Vulnerability

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information.

Una vulnerabilidad en la interfaz web del software Cisco IOS XE podría permitir que un atacante remoto no autenticado acceda a información sensible sobre la configuración. Esta vulnerabilidad se debe al control de acceso a archivos incorrecto en la interfaz web. Un atacante podría explotar esta vulnerabilidad enviando una petición maliciosa a un dispositivo afectado. Un exploit exitoso podría permitir que el atacante obtenga acceso a información sensible sobre la configuración.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-03-27 CVE Published
  • 2024-08-17 EPSS Updated
  • 2024-11-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-16: Configuration
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
3.2.0ja
Search vendor "Cisco" for product "Ios Xe" and version "3.2.0ja"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.1
Search vendor "Cisco" for product "Ios Xe" and version "16.3.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.1a
Search vendor "Cisco" for product "Ios Xe" and version "16.3.1a"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.2
Search vendor "Cisco" for product "Ios Xe" and version "16.3.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.3
Search vendor "Cisco" for product "Ios Xe" and version "16.3.3"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.4
Search vendor "Cisco" for product "Ios Xe" and version "16.3.4"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.5
Search vendor "Cisco" for product "Ios Xe" and version "16.3.5"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.5b
Search vendor "Cisco" for product "Ios Xe" and version "16.3.5b"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.3.6
Search vendor "Cisco" for product "Ios Xe" and version "16.3.6"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.4.1
Search vendor "Cisco" for product "Ios Xe" and version "16.4.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.4.2
Search vendor "Cisco" for product "Ios Xe" and version "16.4.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.4.3
Search vendor "Cisco" for product "Ios Xe" and version "16.4.3"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.5.1
Search vendor "Cisco" for product "Ios Xe" and version "16.5.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.5.1a
Search vendor "Cisco" for product "Ios Xe" and version "16.5.1a"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.5.1b
Search vendor "Cisco" for product "Ios Xe" and version "16.5.1b"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.5.2
Search vendor "Cisco" for product "Ios Xe" and version "16.5.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.5.3
Search vendor "Cisco" for product "Ios Xe" and version "16.5.3"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.1
Search vendor "Cisco" for product "Ios Xe" and version "16.6.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.2
Search vendor "Cisco" for product "Ios Xe" and version "16.6.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.3
Search vendor "Cisco" for product "Ios Xe" and version "16.6.3"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.7.1
Search vendor "Cisco" for product "Ios Xe" and version "16.7.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.7.1a
Search vendor "Cisco" for product "Ios Xe" and version "16.7.1a"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.7.1b
Search vendor "Cisco" for product "Ios Xe" and version "16.7.1b"
-
Affected