CVE-2019-1759 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-1759

Analyzed

More Info Official Page

Source-ykramarz@cisco.com

Published At-28 Mar, 2019 | 01:29

Updated At-09 Oct, 2020 | 14:23

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Secondary	3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

Cisco Systems, Inc.

>>ios_xe>>3.2.0ja

cpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.2.1

cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.2.2

cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.1

cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.1a

cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.2

cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.3

cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.4

cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.5

cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.5b

cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.6

cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.3.7

cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.4.1

cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.4.2

cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.4.3

cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.1

cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.1a

cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.1b

cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.2

cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.5.3

cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.1

cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.2

cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.3

cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.4

cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.4a

cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.6.4s

cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.1

cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.1a

cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.1b

cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.7.2

cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1

cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1a

cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1b

cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1c

cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1d

cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1e

cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.1s

cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.8.2

cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.9.1

cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.9.1a

cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.9.1b

cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.9.1c

cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.9.1d

cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.9.1s

cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>16.9.2

cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	nvd@nist.gov
CWE-284	Secondary	ykramarz@cisco.com

CWE ID: CWE-287

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-284

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/107660	ykramarz@cisco.com	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-mgmtacl	ykramarz@cisco.com	Patch Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/107660

Source: ykramarz@cisco.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-mgmtacl

Source: ykramarz@cisco.com

Resource:

Patch

Vendor Advisory