CVE-2019-1762
Cisco IOS and IOS XE Software Information Disclosure Vulnerability
Severity Score
4.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.
Una vulnerabilidad en la funcionalidad de almacenamiento seguro de los softwares Cisco IOS y Cisco IOS XE podría permitir que un atacante local no autenticado acceda a información sensible del sistema en un dispositivo afectado. La vulnerabilidad se debe a operaciones de memoria incorrectas realizadas en tiempo de cifrado, cuando el software afectado maneja las actualizaciones de configuración. Un atacante podría explotar esta vulnerabilidad recuperando el contenido de ubicaciones específicas de memoria de un dispositivo afectado. Su explotación con éxito podría resultar en la divulgación de materiales de "keying" que forman parte de la configuración del dispositivo, lo que puede emplearse para recuperar información crítica del sistema.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-03-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107594 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.2\(6\)i1 Search vendor "Cisco" for product "Ios" and version "12.2\(6\)i1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(2\)sg8a Search vendor "Cisco" for product "Ios" and version "15.1\(2\)sg8a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svg3d Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svg3d" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svi1b Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svi1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svm3 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svm3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svn2 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svn2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svo1 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svo1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svo2 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svo2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(3\)svp1 Search vendor "Cisco" for product "Ios" and version "15.1\(3\)svp1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(4\)m12c Search vendor "Cisco" for product "Ios" and version "15.1\(4\)m12c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(3\)ea1 Search vendor "Cisco" for product "Ios" and version "15.2\(3\)ea1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(4\)jn1 Search vendor "Cisco" for product "Ios" and version "15.2\(4\)jn1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(4a\)ea5 Search vendor "Cisco" for product "Ios" and version "15.2\(4a\)ea5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)ja1n Search vendor "Cisco" for product "Ios" and version "15.3\(3\)ja1n" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jf35 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jf35" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)ji2 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)ji2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jn1 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jn1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jn2 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jn2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(2\)sp3b Search vendor "Cisco" for product "Ios" and version "15.6\(2\)sp3b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m1 Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m1a Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m1b Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m2 Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m2a Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m2a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m3 Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m3a Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m3a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3\)m4 Search vendor "Cisco" for product "Ios" and version "15.6\(3\)m4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(3.1\)m Search vendor "Cisco" for product "Ios" and version "15.6\(3.1\)m" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.7\(3\)m Search vendor "Cisco" for product "Ios" and version "15.7\(3\)m" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.7\(3\)m0a Search vendor "Cisco" for product "Ios" and version "15.7\(3\)m0a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.7\(3\)m1 Search vendor "Cisco" for product "Ios" and version "15.7\(3\)m1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.1 Search vendor "Cisco" for product "Ios Xe" and version "16.6.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.2 Search vendor "Cisco" for product "Ios Xe" and version "16.6.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.3 Search vendor "Cisco" for product "Ios Xe" and version "16.6.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.4 Search vendor "Cisco" for product "Ios Xe" and version "16.6.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.4a Search vendor "Cisco" for product "Ios Xe" and version "16.6.4a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.6.4s Search vendor "Cisco" for product "Ios Xe" and version "16.6.4s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.1 Search vendor "Cisco" for product "Ios Xe" and version "16.7.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.1a Search vendor "Cisco" for product "Ios Xe" and version "16.7.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.1b Search vendor "Cisco" for product "Ios Xe" and version "16.7.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.2 Search vendor "Cisco" for product "Ios Xe" and version "16.7.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.3 Search vendor "Cisco" for product "Ios Xe" and version "16.7.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.7.4 Search vendor "Cisco" for product "Ios Xe" and version "16.7.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1 Search vendor "Cisco" for product "Ios Xe" and version "16.8.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1a Search vendor "Cisco" for product "Ios Xe" and version "16.8.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1b Search vendor "Cisco" for product "Ios Xe" and version "16.8.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1c Search vendor "Cisco" for product "Ios Xe" and version "16.8.1c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1d Search vendor "Cisco" for product "Ios Xe" and version "16.8.1d" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1e Search vendor "Cisco" for product "Ios Xe" and version "16.8.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.1s Search vendor "Cisco" for product "Ios Xe" and version "16.8.1s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.8.2 Search vendor "Cisco" for product "Ios Xe" and version "16.8.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.1 Search vendor "Cisco" for product "Ios Xe" and version "16.9.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.1a Search vendor "Cisco" for product "Ios Xe" and version "16.9.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.1b Search vendor "Cisco" for product "Ios Xe" and version "16.9.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.1c Search vendor "Cisco" for product "Ios Xe" and version "16.9.1c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.1d Search vendor "Cisco" for product "Ios Xe" and version "16.9.1d" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.1s Search vendor "Cisco" for product "Ios Xe" and version "16.9.1s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.2 Search vendor "Cisco" for product "Ios Xe" and version "16.9.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.2a Search vendor "Cisco" for product "Ios Xe" and version "16.9.2a" | - |
Affected
| ||||||