CVE-2019-1755
Cisco IOS XE Software Command Injection Vulnerability
Severity Score
7.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device.
Una vulnerabilidad en la función WSMA (Web Services Management Agent) del software Cisco IOS XE podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios de Cisco IOS como usuario con nivel 15 de privilegios. La vulnerabilidad ocurre debido a que el software afectado sanea incorrectamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones HTTP manipuladas a la aplicación objetivo. Un exploit con éxito podría permitir que el atacante ejecute comandos arbitrarios en el dispositivo afectado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-03-28 CVE Published
- 2023-05-06 EPSS Updated
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107380 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.2.0ja Search vendor "Cisco" for product "Ios Xe" and version "3.2.0ja" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 3.6.10e Search vendor "Cisco" for product "Ios Xe" and version "3.6.10e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.1.1 Search vendor "Cisco" for product "Ios Xe" and version "16.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.1.2 Search vendor "Cisco" for product "Ios Xe" and version "16.1.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.1.3 Search vendor "Cisco" for product "Ios Xe" and version "16.1.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.2.1 Search vendor "Cisco" for product "Ios Xe" and version "16.2.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.2.2 Search vendor "Cisco" for product "Ios Xe" and version "16.2.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.1 Search vendor "Cisco" for product "Ios Xe" and version "16.3.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.1a Search vendor "Cisco" for product "Ios Xe" and version "16.3.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.2 Search vendor "Cisco" for product "Ios Xe" and version "16.3.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.3 Search vendor "Cisco" for product "Ios Xe" and version "16.3.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.4 Search vendor "Cisco" for product "Ios Xe" and version "16.3.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.5 Search vendor "Cisco" for product "Ios Xe" and version "16.3.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.5b Search vendor "Cisco" for product "Ios Xe" and version "16.3.5b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.6 Search vendor "Cisco" for product "Ios Xe" and version "16.3.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.7 Search vendor "Cisco" for product "Ios Xe" and version "16.3.7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.3.8 Search vendor "Cisco" for product "Ios Xe" and version "16.3.8" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.4.1 Search vendor "Cisco" for product "Ios Xe" and version "16.4.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.4.2 Search vendor "Cisco" for product "Ios Xe" and version "16.4.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.4.3 Search vendor "Cisco" for product "Ios Xe" and version "16.4.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.5.1 Search vendor "Cisco" for product "Ios Xe" and version "16.5.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.5.1a Search vendor "Cisco" for product "Ios Xe" and version "16.5.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.5.1b Search vendor "Cisco" for product "Ios Xe" and version "16.5.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.5.2 Search vendor "Cisco" for product "Ios Xe" and version "16.5.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.5.3 Search vendor "Cisco" for product "Ios Xe" and version "16.5.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.1 Search vendor "Cisco" for product "Ios Xe" and version "16.6.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.2 Search vendor "Cisco" for product "Ios Xe" and version "16.6.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.3 Search vendor "Cisco" for product "Ios Xe" and version "16.6.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.1 Search vendor "Cisco" for product "Ios Xe" and version "16.7.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.1a Search vendor "Cisco" for product "Ios Xe" and version "16.7.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.1b Search vendor "Cisco" for product "Ios Xe" and version "16.7.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1 Search vendor "Cisco" for product "Ios Xe" and version "16.8.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1a Search vendor "Cisco" for product "Ios Xe" and version "16.8.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1b Search vendor "Cisco" for product "Ios Xe" and version "16.8.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1c Search vendor "Cisco" for product "Ios Xe" and version "16.8.1c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1d Search vendor "Cisco" for product "Ios Xe" and version "16.8.1d" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1e Search vendor "Cisco" for product "Ios Xe" and version "16.8.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1s Search vendor "Cisco" for product "Ios Xe" and version "16.8.1s" | - |
Affected
| ||||||