CVE-2019-1756

CVE Database · CVE-2019-1756

CVE-2019-1756

· N/AModified

CVSS v3.1

N/A

EPSS

3.77%

Published

Mar 27, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (16)

cisco · iosvulnerable

cisco · ios_xevulnerable

cisco · ios_xe

References (4)

http://www.securityfocus.com/bid/107598

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject

PatchVendor Advisory

http://www.securityfocus.com/bid/107598

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinject

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs