CVE-2019-1753
Published 2019-03-28
CVE-2019-1753: A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS…
Priority: P2 · 60 · high
CVSS 3.0 base score: 8.8
CVSS 3.0 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.83% (88.8th percentile)
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.
Affected
54 affected version ranges (the source page shows 25; no version range or fixed-in values were extracted for any of them)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_ios_xe_software | — | — |
Detection & IOCs (extracted from sources)
- Exploit targets the Web Services Management Agent (WSMA) functions via the Cisco IOS XE web UI — monitor for authenticated level-1 users submitting unexpected or privileged-command payloads to the device web UI endpoint
- Alert on privilege-level anomalies where a level-1 authenticated user executes commands that require elevated (privileged) IOS privilege levels — indicative of successful exploitation
- Track Cisco bug ID CSCvi42203 for vendor patch status and any additional technical indicators released against this vulnerability
- The vulnerability is exploitable only by an already-authenticated (level 1) user — ensure strong authentication controls and restrict web UI access to trusted management networks to reduce attack surface
- There are no workarounds available; patching via Cisco software updates is the only mitigation
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_cisco | — | 8.8 | HIGH | — |
Cisco advisory (vendor_cisco · 2019-03-27 · CVSS 8.8)
CVE-2019-1753 [HIGH] CWE-20: Cisco IOS XE Software Privilege Escalation Vulnerability
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI.
The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https:/
Cisco advisory (vendor_cisco · CVSS 3.0)
CVE-2019-1753: Cisco IOS XE Software Privilege Escalation Vulnerability
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-20
Bug IDs: CSCvi42203
GHSA advisory GHSA-c7q8-hx63-756r (ghsa_unreviewed · 2022-05-13)
CVE-2019-1753 [HIGH] CWE-20
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-03-28