Cisco IOS XE vulnerabilities

505 known vulnerabilities affecting cisco/ios_xe.

Total CVEs: 505
CISA KEV: 27 (actively exploited)
Public exploits: 8
Exploited in wild: 28
Severity breakdown: CRITICAL 20, HIGH 323, MEDIUM 161, LOW 1

Vulnerabilities

Page 14 of 26
CVE-2019-1649 | MEDIUM | CVSS 6.7 | CWE-284 | fixed in 16.12.1, fixed in 16.3.9, +7 more | 2019-05-13
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vuln
nvd
CVE-2019-1748 | HIGH | CVSS 7.4 | CWE-295 | v3.3.0se, v3.3.0xo, +179 more | 2019-03-28
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplyi
nvd
CVE-2019-1741 | HIGH | CVSS 7.5 | CWE-20 | v3.2.0ja, v16.6.1, +12 more | 2019-03-28
A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been fre
nvd
CVE-2019-1750 | HIGH | CVSS 7.4 | CWE-20 | v3.6.0ae, v3.6.0be, +40 more | 2019-03-28
A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco Discovery Protocol (CDP) packets used with the Easy Virtual Switching System. An
nvd
CVE-2019-1753 | HIGH | CVSS 8.8 | CWE-20 | v3.2.0ja, v3.6.10e, +13 more | 2019-03-28
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by su
nvd
CVE-2019-1752 | HIGH | CVSS 7.5 | CWE-20 | v3.8.0s, v3.8.1s, +127 more | 2019-03-28
A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker could exploit this vulnerability by calling the affected device with specifi
nvd
CVE-2019-1738 | HIGH | CVSS 7.5 | CWE-20 | v3.2.0ja, v3.16.0as, +53 more | 2019-03-28
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit these vulnerabilities by sending crafted DNS packets throu
nvd
CVE-2019-1743 | HIGH | CVSS 8.8 | CWE-20 | v16.2.1, v16.2.2, +29 more | 2019-03-28
A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit co
nvd
CVE-2019-1747 | HIGH | CVSS 8.6 | CWE-20 | v16.10.1 | 2019-03-28
A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of SMS protocol data units (PDUs) that are enc
nvd
CVE-2019-1739 | HIGH | CVSS 7.5 | CWE-20 | v3.2.0ja, v3.16.0as, +53 more | 2019-03-28
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through
nvd
CVE-2019-1749 | HIGH | CVSS 7.4 | CWE-20 | v3.13.6as, v3.16.0as, +46 more | 2019-03-28
A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficient
nvd
CVE-2019-1745 | HIGH | CVSS 7.8 | CWE-78 | v3.6.10e, v3.10.0s, +153 more | 2019-03-28
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input t
nvd
CVE-2019-1740 | HIGH | CVSS 8.6 | CWE-20 | v3.2.0ja, v3.16.0as, +56 more | 2019-03-28
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through
nvd
CVE-2019-1754 | HIGH | CVSS 8.8 | CWE-20 | v3.2.0ja, v16.7.1, +14 more | 2019-03-28
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker could exploit this vulnerability by submitting a maliciou
nvd
CVE-2019-1755 | HIGH | CVSS 7.2 | CWE-20 | v3.2.0ja, v3.6.10e, +36 more | 2019-03-28
A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by su
nvd
CVE-2019-1756 | HIGH | CVSS 7.2 | CWE-20 | v3.2.0ja, v16.7.1, +12 more | 2019-03-28
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exp
nvd
CVE-2019-1762 | MEDIUM | CVSS 4.4 | CWE-200 | v16.6.1, v16.6.2, +26 more | 2019-03-28
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit th
nvd
CVE-2019-1759 | MEDIUM | CVSS 5.3 | CWE-284 | v3.2.0ja, v16.2.1, +43 more | 2019-03-28
A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16
nvd
CVE-2019-1760 | MEDIUM | CVSS 5.9 | CWE-20 | v3.2.0ja, v3.16.4as, +39 more | 2019-03-28
A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload. The vulnerability is due to the processing of malformed smart probe packets. An attacker could exploit this vulnerability by sending specially crafted smart probe packets at the affect
nvd
CVE-2019-1757 | MEDIUM | CVSS 5.9 | CWE-295 | v3.6.4e, v3.6.5ae, +106 more | 2019-03-28
A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by
nvd