CVE-2019-1842Improper Authorization in Cisco IOS XR Software

CWE-285Improper AuthorizationCWE-287Improper Authentication4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 49.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR Firmware
Timeline
PublishedJun 5
Latest updateMay 24

Description

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the tw

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecified6.1.4
NVDcisco/ios_xr_firmware4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-v5xq-942q-fwvr: A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successful2022-05-24
CVEList
Cisco IOS XR Software Secure Shell Authentication Vulnerability2019-06-05

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Secure Shell Authentication Vulnerability2019-06-05
CVE-2019-1842 — Improper Authorization in Cisco | cvebase