9

CVE-2019-12650

EPSS 13.42%
Veröffentlicht 25.09.2019 20:15:10
Zuletzt bearbeitet 21.11.2024 04:23:15
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Version16.11.1

Cisco ≫ Ios Xe Version16.6.5

   Cisco ≫ 1100-4p Integrated Services Router Version-
   Cisco ≫ 1100-8p Integrated Services Router Version-
   Cisco ≫ 1101-4p Integrated Services Router Version-
   Cisco ≫ 1109-2p Integrated Services Router Version-
   Cisco ≫ 1109-4p Integrated Services Router Version-
   Cisco ≫ 1111x-8p Integrated Services Router Version-
   Cisco ≫ Asr 1001-x Version-
   Cisco ≫ Asr 1002-hx Version-
   Cisco ≫ Asr 1006-x Version-
   Cisco ≫ Asr 1009-x Version-
   Cisco ≫ Catalyst 3650-12x48uq Version-
   Cisco ≫ Catalyst 3650-12x48ur Version-
   Cisco ≫ Catalyst 3650-12x48uz Version-
   Cisco ≫ Catalyst 3650-24pd Version-
   Cisco ≫ Catalyst 3650-24pdm Version-
   Cisco ≫ Catalyst 3650-48fq Version-
   Cisco ≫ Catalyst 3650-48fqm Version-
   Cisco ≫ Catalyst 3650-8x24uq Version-
   Cisco ≫ Catalyst 3850-12x48u Version-
   Cisco ≫ Catalyst 3850-24u Version-
   Cisco ≫ Catalyst 3850-24xs Version-
   Cisco ≫ Catalyst 3850-24xu Version-
   Cisco ≫ Catalyst 3850-48u Version-
   Cisco ≫ Catalyst 3850-48xs Version-
   Cisco ≫ Catalyst 3850-nm-2-40g Version-
   Cisco ≫ Catalyst 3850-nm-8-10g Version-
   Cisco ≫ Catalyst 9800-40 Version-
   Cisco ≫ Catalyst 9800-80 Version-
   Cisco ≫ Catalyst 9800-cl Version-
   Cisco ≫ Catalyst 9800-l Version-
   Cisco ≫ Catalyst 9800-l-c Version-
   Cisco ≫ Catalyst 9800-l-f Version-
   Cisco ≫ Catalyst C9200-24p Version-
   Cisco ≫ Catalyst C9200-24t Version-
   Cisco ≫ Catalyst C9200-48p Version-
   Cisco ≫ Catalyst C9200-48t Version-
   Cisco ≫ Catalyst C9200l-24p-4g Version-
   Cisco ≫ Catalyst C9200l-24p-4x Version-
   Cisco ≫ Catalyst C9200l-24pxg-2y Version-
   Cisco ≫ Catalyst C9200l-24pxg-4x Version-
   Cisco ≫ Catalyst C9200l-24t-4g Version-
   Cisco ≫ Catalyst C9200l-24t-4x Version-
   Cisco ≫ Catalyst C9200l-48p-4g Version-
   Cisco ≫ Catalyst C9200l-48p-4x Version-
   Cisco ≫ Catalyst C9200l-48pxg-2y Version-
   Cisco ≫ Catalyst C9200l-48pxg-4x Version-
   Cisco ≫ Catalyst C9200l-48t-4g Version-
   Cisco ≫ Catalyst C9200l-48t-4x Version-
   Cisco ≫ Catalyst C9300-24p Version-
   Cisco ≫ Catalyst C9300-24s Version-
   Cisco ≫ Catalyst C9300-24t Version-
   Cisco ≫ Catalyst C9300-24u Version-
   Cisco ≫ Catalyst C9300-24ux Version-
   Cisco ≫ Catalyst C9300-48p Version-
   Cisco ≫ Catalyst C9300-48s Version-
   Cisco ≫ Catalyst C9300-48t Version-
   Cisco ≫ Catalyst C9300-48u Version-
   Cisco ≫ Catalyst C9300-48un Version-
   Cisco ≫ Catalyst C9300-48uxm Version-
   Cisco ≫ Catalyst C9300l-24p-4g Version-
   Cisco ≫ Catalyst C9300l-24p-4x Version-
   Cisco ≫ Catalyst C9300l-24t-4g Version-
   Cisco ≫ Catalyst C9300l-24t-4x Version-
   Cisco ≫ Catalyst C9300l-48p-4g Version-
   Cisco ≫ Catalyst C9300l-48p-4x Version-
   Cisco ≫ Catalyst C9300l-48t-4g Version-
   Cisco ≫ Catalyst C9300l-48t-4x Version-
   Cisco ≫ Catalyst C9500-12q Version-
   Cisco ≫ Catalyst C9500-16x Version-
   Cisco ≫ Catalyst C9500-24q Version-
   Cisco ≫ Catalyst C9500-24y4c Version-
   Cisco ≫ Catalyst C9500-32c Version-
   Cisco ≫ Catalyst C9500-32qc Version-
   Cisco ≫ Catalyst C9500-40x Version-
   Cisco ≫ Catalyst C9500-48y4c Version-
   Cisco ≫ Integrated Services Virtual Router Version-

Cisco ≫ Ios Xe Version17.1.1

   Cisco ≫ Catalyst 3650-12x48uq Version-
   Cisco ≫ Catalyst 3650-12x48ur Version-
   Cisco ≫ Catalyst 3650-12x48uz Version-
   Cisco ≫ Catalyst 3650-24pd Version-
   Cisco ≫ Catalyst 3650-24pdm Version-
   Cisco ≫ Catalyst 3650-48fq Version-
   Cisco ≫ Catalyst 3650-48fqm Version-
   Cisco ≫ Catalyst 3650-8x24uq Version-
   Cisco ≫ Catalyst 3850-12x48u Version-
   Cisco ≫ Catalyst 3850-24u Version-
   Cisco ≫ Catalyst 3850-24xs Version-
   Cisco ≫ Catalyst 3850-24xu Version-
   Cisco ≫ Catalyst 3850-48u Version-
   Cisco ≫ Catalyst 3850-48xs Version-
   Cisco ≫ Catalyst 3850-nm-2-40g Version-
   Cisco ≫ Catalyst 3850-nm-8-10g Version-
   Cisco ≫ Catalyst C9200-24p Version-
   Cisco ≫ Catalyst C9200-24t Version-
   Cisco ≫ Catalyst C9200-48p Version-
   Cisco ≫ Catalyst C9200-48t Version-
   Cisco ≫ Catalyst C9200l-24p-4g Version-
   Cisco ≫ Catalyst C9200l-24p-4x Version-
   Cisco ≫ Catalyst C9200l-24pxg-2y Version-
   Cisco ≫ Catalyst C9200l-24pxg-4x Version-
   Cisco ≫ Catalyst C9200l-24t-4g Version-
   Cisco ≫ Catalyst C9200l-24t-4x Version-
   Cisco ≫ Catalyst C9200l-48p-4g Version-
   Cisco ≫ Catalyst C9200l-48p-4x Version-
   Cisco ≫ Catalyst C9200l-48pxg-2y Version-
   Cisco ≫ Catalyst C9200l-48pxg-4x Version-
   Cisco ≫ Catalyst C9200l-48t-4g Version-
   Cisco ≫ Catalyst C9200l-48t-4x Version-
   Cisco ≫ Catalyst C9300-24p Version-
   Cisco ≫ Catalyst C9300-24s Version-
   Cisco ≫ Catalyst C9300-24t Version-
   Cisco ≫ Catalyst C9300-24u Version-
   Cisco ≫ Catalyst C9300-24ux Version-
   Cisco ≫ Catalyst C9300-48p Version-
   Cisco ≫ Catalyst C9300-48s Version-
   Cisco ≫ Catalyst C9300-48t Version-
   Cisco ≫ Catalyst C9300-48u Version-
   Cisco ≫ Catalyst C9300-48un Version-
   Cisco ≫ Catalyst C9300-48uxm Version-
   Cisco ≫ Catalyst C9300l-24p-4g Version-
   Cisco ≫ Catalyst C9300l-24p-4x Version-
   Cisco ≫ Catalyst C9300l-24t-4g Version-
   Cisco ≫ Catalyst C9300l-24t-4x Version-
   Cisco ≫ Catalyst C9300l-48p-4g Version-
   Cisco ≫ Catalyst C9300l-48p-4x Version-
   Cisco ≫ Catalyst C9300l-48t-4g Version-
   Cisco ≫ Catalyst C9300l-48t-4x Version-
   Cisco ≫ Catalyst C9500-12q Version-
   Cisco ≫ Catalyst C9500-16x Version-
   Cisco ≫ Catalyst C9500-24q Version-
   Cisco ≫ Catalyst C9500-24y4c Version-
   Cisco ≫ Catalyst C9500-32c Version-
   Cisco ≫ Catalyst C9500-32qc Version-
   Cisco ≫ Catalyst C9500-40x Version-
   Cisco ≫ Catalyst C9500-48y4c Version-
   Cisco ≫ Cloud Services Router 1000v Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.42%	0.94

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
psirt@cisco.com	7.6	2.8	4.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12650

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12650

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12650

EUVD