CVE-2019-12660Resource Exposure in Cisco IOS XE Software 3.2.11asg

CWE-668Resource Exposure4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 79.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE Software 3.2.11asgCisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software_3.2.11asgunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-xq77-4xgj-83fm: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affect2022-05-24
CVEList
Cisco IOS XE Software ASIC Register Write Vulnerability2019-09-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software ASIC Register Write Vulnerability2019-09-25
CVE-2019-12660 — Resource Exposure in Cisco | cvebase