CVE-2019-1681Sensitive Information Exposure in Cisco Network Convergence System 1000 Series

CWE-200Sensitive Information ExposureCWE-22Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
EPSS
10.5%
top 6.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Network Convergence System 1000 SeriesCisco IOS XR
Timeline
PublishedFeb 21
Latest updateMay 13

Description

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios_xr< 6.5.2

🔴Vulnerability Details

2
GHSA
GHSA-6v3v-c95x-rpq9: A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrie2022-05-13
CVEList
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability2019-02-21

📋Vendor Advisories

1
Cisco
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability2019-02-20
CVE-2019-1681 — Sensitive Information Exposure in Cisco | cvebase