CVE-2019-12650Command Injection in Cisco IOS XE Software 3.2.11asg

CWE-77Command InjectionCWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGHNVD
EPSS
13.4%
top 5.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOS XE Software 3.2.11asgCisco IOSCisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5cisco/cisco_ios_xe_software_3.2.11asgunspecifiedn/a
NVDcisco/ios16.11.1
NVDcisco/ios_xe16.6.5, 17.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-w77v-9mp2-fhr5: Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute co2022-05-24
CVEList
Cisco IOS XE Software Web UI Command Injection Vulnerabilities2019-09-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Web UI Command Injection Vulnerabilities2019-09-25
CVE-2019-12650 — Command Injection in Cisco | cvebase