Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-1755
Modified
More InfoOfficial Page
Source-ykramarz@cisco.com
View Known Exploited Vulnerability (KEV) details
Published At-28 Mar, 2019 | 01:29
Updated At-09 Oct, 2019 | 23:47

A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.2HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>ios_xe>>3.2.0ja
cpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>3.6.10e
cpe:2.3:o:cisco:ios_xe:3.6.10e:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.1.1
cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.1.2
cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.1.3
cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.2.1
cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.2.2
cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.1
cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.1a
cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.2
cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.3
cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.4
cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.5
cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.5b
cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.6
cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.7
cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.3.8
cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.4.1
cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.4.2
cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.4.3
cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.1
cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.1a
cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.1b
cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.2
cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.5.3
cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.1
cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.2
cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.6.3
cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.1
cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.1a
cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.7.1b
cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1
cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1a
cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1b
cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1c
cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1d
cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1e
cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios_xe>>16.8.1s
cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE-20Secondaryykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/107380ykramarz@cisco.com
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinjykramarz@cisco.com
Patch
Vendor Advisory
Change History
0Changes found
Details not found