CVE-2019-1754

Cisco IOS XE Software Privilege Escalation Vulnerability

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a malicious payload to a specific endpoint in the web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.

Una vulnerabilidad en el subsistema de autorización del software Cisco IOS XE podría permitir que un atacante remoto autenticado sin privilegios (nivel 1) ejecute comandos Cisco IOS privilegiados mediante el uso de la interfaz web. Esta vulnerabilidad se debe a una validación incorrecta de los privilegios de usuario de los usuarios de la interfaz web. Un atacante podría explotar esta vulnerabilidad enviando una carga útil maliciosa a un endpoint específico en la interfaz web. Su explotación con éxito podría permitir que el atacante con pocos privilegios ejecute comandos arbitrarios con privilegios mayores en el dispositivo afectado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-03-28 CVE Published
2023-05-06 EPSS Updated
2024-11-20 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-269: Improper Privilege Management

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/107590	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc	2020-10-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.2.0ja Search vendor "Cisco" for product "Ios Xe" and version "3.2.0ja"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.7.1 Search vendor "Cisco" for product "Ios Xe" and version "16.7.1"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.7.1a Search vendor "Cisco" for product "Ios Xe" and version "16.7.1a"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.7.1b Search vendor "Cisco" for product "Ios Xe" and version "16.7.1b"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.1 Search vendor "Cisco" for product "Ios Xe" and version "16.8.1"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.1a Search vendor "Cisco" for product "Ios Xe" and version "16.8.1a"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.1b Search vendor "Cisco" for product "Ios Xe" and version "16.8.1b"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.1c Search vendor "Cisco" for product "Ios Xe" and version "16.8.1c"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.1d Search vendor "Cisco" for product "Ios Xe" and version "16.8.1d"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.1e Search vendor "Cisco" for product "Ios Xe" and version "16.8.1e"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.1s Search vendor "Cisco" for product "Ios Xe" and version "16.8.1s"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.8.2 Search vendor "Cisco" for product "Ios Xe" and version "16.8.2"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.9.1b Search vendor "Cisco" for product "Ios Xe" and version "16.9.1b"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.9.1c Search vendor "Cisco" for product "Ios Xe" and version "16.9.1c"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.9.1d Search vendor "Cisco" for product "Ios Xe" and version "16.9.1d"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.9.1s Search vendor "Cisco" for product "Ios Xe" and version "16.9.1s"		-		Affected