8.8

CVE-2019-1743

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xe Version16.2.1
CiscoIos Xe Version16.2.2
CiscoIos Xe Version16.3.1
CiscoIos Xe Version16.3.1a
CiscoIos Xe Version16.3.2
CiscoIos Xe Version16.3.3
CiscoIos Xe Version16.3.4
CiscoIos Xe Version16.3.5
CiscoIos Xe Version16.3.5b
CiscoIos Xe Version16.3.6
CiscoIos Xe Version16.4.1
CiscoIos Xe Version16.4.2
CiscoIos Xe Version16.4.3
CiscoIos Xe Version16.5.1
CiscoIos Xe Version16.5.1a
CiscoIos Xe Version16.5.1b
CiscoIos Xe Version16.5.2
CiscoIos Xe Version16.5.3
CiscoIos Xe Version16.6.1
CiscoIos Xe Version16.6.2
CiscoIos Xe Version16.6.3
CiscoIos Xe Version16.7.1
CiscoIos Xe Version16.7.1a
CiscoIos Xe Version16.7.1b
CiscoIos Xe Version16.8.1
CiscoIos Xe Version16.8.1a
CiscoIos Xe Version16.8.1b
CiscoIos Xe Version16.8.1c
CiscoIos Xe Version16.8.1d
CiscoIos Xe Version16.8.1e
CiscoIos Xe Version16.8.1s
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.72% 0.716
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
psirt@cisco.com 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/107591
Third Party Advisory
VDB Entry