CVE-2019-12660

EPSS 0.07%
Veröffentlicht 25.09.2019 21:15:11
Zuletzt bearbeitet 21.11.2024 04:23:17
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version >= 16.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.208

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:C/A:N
psirt@cisco.com	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-awr

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12660

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12660

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12660

EUVD