CVE-2019-12648Improper Access Control in Cisco IOS 15.7 M

CWE-284Improper Access ControlCWE-863Incorrect Authorization4 documents4 sources
Severity
8.8HIGHNVD
EPSS
1.1%
top 21.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS 15.7 MCisco IOS
Timeline
PublishedSep 25
Latest updateMay 24

Description

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_ios_15.7_munspecifiedn/a
NVDcisco/ios15.7\(3\)m3

🔴Vulnerability Details

2
GHSA
GHSA-hfqm-f33h-w94m: A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to2022-05-24
CVEList
Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability2019-09-25

📋Vendor Advisories

1
Cisco
Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability2019-09-25
CVE-2019-12648 — Improper Access Control in Cisco | cvebase