4.4

CVE-2019-1762

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Version12.2(6)i1
CiscoIos Version15.1(2)sg8a
CiscoIos Version15.1(3)svg3d
CiscoIos Version15.1(3)svi1b
CiscoIos Version15.1(3)svm3
CiscoIos Version15.1(3)svn2
CiscoIos Version15.1(3)svo1
CiscoIos Version15.1(3)svo2
CiscoIos Version15.1(3)svp1
CiscoIos Version15.1(4)m12c
CiscoIos Version15.2(3)ea1
CiscoIos Version15.2(4)jn1
CiscoIos Version15.2(4a)ea5
CiscoIos Version15.3(3)ja1n
CiscoIos Version15.3(3)jf35
CiscoIos Version15.3(3)ji2
CiscoIos Version15.3(3)jn1
CiscoIos Version15.3(3)jn2
CiscoIos Version15.6(2)sp3b
CiscoIos Version15.6(3)m1
CiscoIos Version15.6(3)m1a
CiscoIos Version15.6(3)m1b
CiscoIos Version15.6(3)m2
CiscoIos Version15.6(3)m2a
CiscoIos Version15.6(3)m3
CiscoIos Version15.6(3)m3a
CiscoIos Version15.6(3)m4
CiscoIos Version15.6(3.1)m
CiscoIos Version15.7(3)m
CiscoIos Version15.7(3)m0a
CiscoIos Version15.7(3)m1
CiscoIos Xe Version16.6.1
CiscoIos Xe Version16.6.2
CiscoIos Xe Version16.6.3
CiscoIos Xe Version16.6.4
CiscoIos Xe Version16.6.4a
CiscoIos Xe Version16.6.4s
CiscoIos Xe Version16.7.1
CiscoIos Xe Version16.7.1a
CiscoIos Xe Version16.7.1b
CiscoIos Xe Version16.7.2
CiscoIos Xe Version16.7.3
CiscoIos Xe Version16.7.4
CiscoIos Xe Version16.8.1
CiscoIos Xe Version16.8.1a
CiscoIos Xe Version16.8.1b
CiscoIos Xe Version16.8.1c
CiscoIos Xe Version16.8.1d
CiscoIos Xe Version16.8.1e
CiscoIos Xe Version16.8.1s
CiscoIos Xe Version16.8.2
CiscoIos Xe Version16.9.1
CiscoIos Xe Version16.9.1a
CiscoIos Xe Version16.9.1b
CiscoIos Xe Version16.9.1c
CiscoIos Xe Version16.9.1d
CiscoIos Xe Version16.9.1s
CiscoIos Xe Version16.9.2
CiscoIos Xe Version16.9.2a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com 4.4 0.8 3.6
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/107594
Third Party Advisory
VDB Entry