cbcvebase.
CVE-2019-1753
published 2019-03-28

CVE-2019-1753: A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS…

PriorityP260high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
3.83%
88.8th percentile
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.

Affected

54 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit targets the Web Services Management Agent (WSMA) functions via the Cisco IOS XE web UI — monitor for authenticated level-1 users submitting unexpected or privileged-command payloads to the device web UI endpoint
  • Alert on privilege-level anomalies where a level-1 authenticated user executes commands that require elevated (privileged) IOS privilege levels — indicative of successful exploitation
  • Track Cisco bug ID CSCvi42203 for vendor patch status and any additional technical indicators released against this vulnerability
  • ·The vulnerability is exploitable only by an already-authenticated (level 1) user — ensure strong authentication controls and restrict web UI access to trusted management networks to reduce attack surface
  • ·There are no workarounds available; patching via Cisco software updates is the only mitigation

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.