5.5

CVE-2019-1842

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.
Data provided by the National Vulnerability Database (NVD)
Cisco Ios Xr Firmware Version 6.1.2.tools
   Cisco Asr 9001 Version -
   Cisco Asr 9006 Version -
   Cisco Asr 9010 Version -
   Cisco Asr 9901 Version -
   Cisco Asr 9904 Version -
   Cisco Asr 9906 Version -
   Cisco Asr 9910 Version -
   Cisco Asr 9912 Version -
   Cisco Asr 9922 Version -
   Cisco Crs-1 16-slot Line Card Chassis Version -
   Cisco Crs-1 16-slot Single-shelf System Version -
   Cisco Crs-1 4-slot Single-shelf System Version -
   Cisco Crs-1 8-slot Line Card Chassis Version -
   Cisco Crs-1 8-slot Single-shelf System Version -
   Cisco Crs-1 Fabric Card Chassis Version -
   Cisco Crs-1 Line Card Chassis (dual) Version -
   Cisco Crs-1 Line Card Chassis (multi) Version -
   Cisco Crs-1 Multishelf System Version -
   Cisco Crs-3 16-slot Single-shelf System Version -
   Cisco Crs-3 4-slot Single-shelf System Version -
   Cisco Crs-3 8-slot Single-shelf System Version -
   Cisco Crs-3 Multishelf System Version -
   Cisco Crs-8/s-b Crs Version -
   Cisco Crs-8/scrs Version -
   Cisco Crs-x 16-slot Single-shelf System Version -
   Cisco Crs-x Multishelf System Version -
   Cisco Ncs 6008-8-slot Chassis Version -
   Cisco Network Convergence System 5508 Version -
Cisco Ios Xr Firmware Version 6.1.3.tools
   Cisco Asr 9001 Version -
   Cisco Asr 9006 Version -
   Cisco Asr 9010 Version -
   Cisco Asr 9901 Version -
   Cisco Asr 9904 Version -
   Cisco Asr 9906 Version -
   Cisco Asr 9910 Version -
   Cisco Asr 9912 Version -
   Cisco Asr 9922 Version -
   Cisco Crs-1 16-slot Line Card Chassis Version -
   Cisco Crs-1 16-slot Single-shelf System Version -
   Cisco Crs-1 4-slot Single-shelf System Version -
   Cisco Crs-1 8-slot Line Card Chassis Version -
   Cisco Crs-1 8-slot Single-shelf System Version -
   Cisco Crs-1 Fabric Card Chassis Version -
   Cisco Crs-1 Line Card Chassis (dual) Version -
   Cisco Crs-1 Line Card Chassis (multi) Version -
   Cisco Crs-1 Multishelf System Version -
   Cisco Crs-3 16-slot Single-shelf System Version -
   Cisco Crs-3 4-slot Single-shelf System Version -
   Cisco Crs-3 8-slot Single-shelf System Version -
   Cisco Crs-3 Multishelf System Version -
   Cisco Crs-8/s-b Crs Version -
   Cisco Crs-8/scrs Version -
   Cisco Crs-x 16-slot Single-shelf System Version -
   Cisco Crs-x Multishelf System Version -
   Cisco Ncs 6008-8-slot Chassis Version -
   Cisco Network Convergence System 5508 Version -
Cisco Ios Xr Firmware Version 6.2.3.tools
   Cisco Asr 9001 Version -
   Cisco Asr 9006 Version -
   Cisco Asr 9010 Version -
   Cisco Asr 9901 Version -
   Cisco Asr 9904 Version -
   Cisco Asr 9906 Version -
   Cisco Asr 9910 Version -
   Cisco Asr 9912 Version -
   Cisco Asr 9922 Version -
   Cisco Crs-1 16-slot Line Card Chassis Version -
   Cisco Crs-1 16-slot Single-shelf System Version -
   Cisco Crs-1 4-slot Single-shelf System Version -
   Cisco Crs-1 8-slot Line Card Chassis Version -
   Cisco Crs-1 8-slot Single-shelf System Version -
   Cisco Crs-1 Fabric Card Chassis Version -
   Cisco Crs-1 Line Card Chassis (dual) Version -
   Cisco Crs-1 Line Card Chassis (multi) Version -
   Cisco Crs-1 Multishelf System Version -
   Cisco Crs-3 16-slot Single-shelf System Version -
   Cisco Crs-3 4-slot Single-shelf System Version -
   Cisco Crs-3 8-slot Single-shelf System Version -
   Cisco Crs-3 Multishelf System Version -
   Cisco Crs-8/s-b Crs Version -
   Cisco Crs-8/scrs Version -
   Cisco Crs-x 16-slot Single-shelf System Version -
   Cisco Crs-x Multishelf System Version -
   Cisco Ncs 6008-8-slot Chassis Version -
   Cisco Network Convergence System 5508 Version -
Cisco Ios Xr Firmware Version 6.4.2.tools
   Cisco Asr 9001 Version -
   Cisco Asr 9006 Version -
   Cisco Asr 9010 Version -
   Cisco Asr 9901 Version -
   Cisco Asr 9904 Version -
   Cisco Asr 9906 Version -
   Cisco Asr 9910 Version -
   Cisco Asr 9912 Version -
   Cisco Asr 9922 Version -
   Cisco Crs-1 16-slot Line Card Chassis Version -
   Cisco Crs-1 16-slot Single-shelf System Version -
   Cisco Crs-1 4-slot Single-shelf System Version -
   Cisco Crs-1 8-slot Line Card Chassis Version -
   Cisco Crs-1 8-slot Single-shelf System Version -
   Cisco Crs-1 Fabric Card Chassis Version -
   Cisco Crs-1 Line Card Chassis (dual) Version -
   Cisco Crs-1 Line Card Chassis (multi) Version -
   Cisco Crs-1 Multishelf System Version -
   Cisco Crs-3 16-slot Single-shelf System Version -
   Cisco Crs-3 4-slot Single-shelf System Version -
   Cisco Crs-3 8-slot Single-shelf System Version -
   Cisco Crs-3 Multishelf System Version -
   Cisco Crs-8/s-b Crs Version -
   Cisco Crs-8/scrs Version -
   Cisco Crs-x 16-slot Single-shelf System Version -
   Cisco Crs-x Multishelf System Version -
   Cisco Ncs 6008-8-slot Chassis Version -
   Cisco Network Convergence System 5508 Version -
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.27% | 0.472

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5.4 | 2.8 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov | 5.5 | 8 | 4.9 | AV:N/AC:L/Au:S/C:P/I:P/A:N
psirt@cisco.com | 5.4 | 2.8 | 2.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.