CVE-2019-1759Improper Access Control in Cisco IOS XE Software

CWE-284Improper Access ControlCWE-287Improper Authentication4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
28.5%
top 3.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 28
Latest updateMay 13

Description

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software45 versions+44
NVDcisco/ios_xe45 versions+44

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-4pjp-5725-8mxh: A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauth2022-05-13
CVEList
Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability2019-03-28

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability2019-03-27
CVE-2019-1759 — Improper Access Control in Cisco | cvebase