Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cnvd-2019-08715
Vulnerability from cnvd
Title
Cisco IOS和IOS XE代理证书验证漏洞
Description
Cisco IOS和IOS XE都是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。
Cisco IOS和IOS XE中的Cisco Network Plug-and-Play (PnP)代理存在证书验证漏洞,该漏洞源于程序未能充分地验证证书,远程攻击者可通过提交特制的证书利用该漏洞解密并修改敏感信息。
Severity
高
VLAI Severity ?
Patch Name
Cisco IOS和IOS XE代理证书验证漏洞的补丁
Patch Description
Cisco IOS和IOS XE都是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。
Cisco IOS和IOS XE中的Cisco Network Plug-and-Play (PnP)代理存在证书验证漏洞,该漏洞源于程序未能充分地验证证书,远程攻击者可通过提交特制的证书利用该漏洞解密并修改敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert
https://nvd.nist.gov/vuln/detail/CVE-2019-1748
Impacted products
| Name | ['Cisco IOS XE', 'Cisco IOS'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "107619"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2019-1748"
}
},
"description": "Cisco IOS\u548cIOS XE\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco IOS\u548cIOS XE\u4e2d\u7684Cisco Network Plug-and-Play (PnP)\u4ee3\u7406\u5b58\u5728\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u5730\u9a8c\u8bc1\u8bc1\u4e66\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u5e76\u4fee\u6539\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Cisco",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-08715",
"openTime": "2019-03-29",
"patchDescription": "Cisco IOS\u548cIOS XE\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u548cIOS XE\u4e2d\u7684Cisco Network Plug-and-Play (PnP)\u4ee3\u7406\u5b58\u5728\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u5730\u9a8c\u8bc1\u8bc1\u4e66\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6\u5e76\u4fee\u6539\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco IOS\u548cIOS XE\u4ee3\u7406\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco IOS XE",
"Cisco IOS"
]
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1748",
"serverity": "\u9ad8",
"submitTime": "2019-03-28",
"title": "Cisco IOS\u548cIOS XE\u4ee3\u7406\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e"
}
CVE-2019-1748 (GCVE-0-2019-1748)
Vulnerability from cvelistv5
Published
2019-03-27 23:50
Modified
2024-09-17 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS and IOS XE Software |
Version: 3.7.7S Version: 3.9.1S Version: 3.9.0S Version: 3.9.2S Version: 3.9.1aS Version: 3.9.0aS Version: 3.3.0SE Version: 3.3.1SE Version: 3.3.2SE Version: 3.3.3SE Version: 3.3.4SE Version: 3.3.5SE Version: 3.3.0XO Version: 3.3.1XO Version: 3.3.2XO Version: 3.5.0E Version: 3.5.1E Version: 3.5.2E Version: 3.5.3E Version: 3.10.0S Version: 3.10.1S Version: 3.10.2S Version: 3.10.3S Version: 3.10.4S Version: 3.10.5S Version: 3.10.6S Version: 3.10.2aS Version: 3.10.2tS Version: 3.10.7S Version: 3.10.8S Version: 3.10.8aS Version: 3.10.9S Version: 3.10.10S Version: 3.11.1S Version: 3.11.2S Version: 3.11.0S Version: 3.11.3S Version: 3.11.4S Version: 3.12.0S Version: 3.12.1S Version: 3.12.2S Version: 3.12.3S Version: 3.12.0aS Version: 3.12.4S Version: 3.13.0S Version: 3.13.1S Version: 3.13.2S Version: 3.13.3S Version: 3.13.4S Version: 3.13.5S Version: 3.13.2aS Version: 3.13.0aS Version: 3.13.5aS Version: 3.13.6S Version: 3.13.7S Version: 3.13.6aS Version: 3.13.6bS Version: 3.13.7aS Version: 3.13.8S Version: 3.13.9S Version: 3.6.0E Version: 3.6.1E Version: 3.6.0aE Version: 3.6.0bE Version: 3.6.2aE Version: 3.6.2E Version: 3.6.3E Version: 3.6.4E Version: 3.6.5E Version: 3.6.6E Version: 3.6.5aE Version: 3.6.5bE Version: 3.6.7E Version: 3.6.7aE Version: 3.6.7bE Version: 3.6.9E Version: 3.6.10E Version: 3.6.9aE Version: 3.14.0S Version: 3.14.1S Version: 3.14.2S Version: 3.14.3S Version: 3.14.4S Version: 3.15.0S Version: 3.15.1S Version: 3.15.2S Version: 3.15.1cS Version: 3.15.3S Version: 3.15.4S Version: 3.7.0E Version: 3.7.1E Version: 3.7.2E Version: 3.7.3E Version: 3.7.4E Version: 3.7.5E Version: 3.16.0S Version: 3.16.1S Version: 3.16.0aS Version: 3.16.1aS Version: 3.16.2S Version: 3.16.2aS Version: 3.16.0bS Version: 3.16.0cS Version: 3.16.3S Version: 3.16.2bS Version: 3.16.3aS Version: 3.16.4S Version: 3.16.4aS Version: 3.16.4bS Version: 3.16.4gS Version: 3.16.5S Version: 3.16.4cS Version: 3.16.4dS Version: 3.16.4eS Version: 3.16.6S Version: 3.16.5aS Version: 3.16.5bS Version: 3.16.7S Version: 3.16.6bS Version: 3.16.7aS Version: 3.17.0S Version: 3.17.1S Version: 3.17.2S Version: 3.17.1aS Version: 3.17.3S Version: 3.17.4S Version: 16.1.1 Version: 16.1.2 Version: 16.1.3 Version: 16.2.1 Version: 16.2.2 Version: 3.8.0E Version: 3.8.1E Version: 3.8.2E Version: 3.8.3E Version: 3.8.4E Version: 3.8.5E Version: 3.8.5aE Version: 3.8.6E Version: 16.3.1 Version: 16.3.2 Version: 16.3.3 Version: 16.3.1a Version: 16.3.4 Version: 16.3.5 Version: 16.3.5b Version: 16.4.1 Version: 16.4.2 Version: 16.4.3 Version: 16.5.1 Version: 16.5.1a Version: 16.5.1b Version: 16.5.2 Version: 3.18.0aS Version: 3.18.0S Version: 3.18.1S Version: 3.18.2S Version: 3.18.3S Version: 3.18.4S Version: 3.18.0SP Version: 3.18.1SP Version: 3.18.1aSP Version: 3.18.1gSP Version: 3.18.1bSP Version: 3.18.1cSP Version: 3.18.2SP Version: 3.18.1hSP Version: 3.18.2aSP Version: 3.18.1iSP Version: 3.18.3SP Version: 3.18.4SP Version: 3.18.3aSP Version: 3.18.3bSP Version: 3.18.5SP Version: 3.9.0E Version: 3.9.1E Version: 3.9.2E Version: 3.9.2bE Version: 16.6.1 Version: 16.6.2 Version: 3.10.0E Version: 3.10.0cE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert"
},
{
"name": "107619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS and IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.7.7S"
},
{
"status": "affected",
"version": "3.9.1S"
},
{
"status": "affected",
"version": "3.9.0S"
},
{
"status": "affected",
"version": "3.9.2S"
},
{
"status": "affected",
"version": "3.9.1aS"
},
{
"status": "affected",
"version": "3.9.0aS"
},
{
"status": "affected",
"version": "3.3.0SE"
},
{
"status": "affected",
"version": "3.3.1SE"
},
{
"status": "affected",
"version": "3.3.2SE"
},
{
"status": "affected",
"version": "3.3.3SE"
},
{
"status": "affected",
"version": "3.3.4SE"
},
{
"status": "affected",
"version": "3.3.5SE"
},
{
"status": "affected",
"version": "3.3.0XO"
},
{
"status": "affected",
"version": "3.3.1XO"
},
{
"status": "affected",
"version": "3.3.2XO"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.10.0S"
},
{
"status": "affected",
"version": "3.10.1S"
},
{
"status": "affected",
"version": "3.10.2S"
},
{
"status": "affected",
"version": "3.10.3S"
},
{
"status": "affected",
"version": "3.10.4S"
},
{
"status": "affected",
"version": "3.10.5S"
},
{
"status": "affected",
"version": "3.10.6S"
},
{
"status": "affected",
"version": "3.10.2aS"
},
{
"status": "affected",
"version": "3.10.2tS"
},
{
"status": "affected",
"version": "3.10.7S"
},
{
"status": "affected",
"version": "3.10.8S"
},
{
"status": "affected",
"version": "3.10.8aS"
},
{
"status": "affected",
"version": "3.10.9S"
},
{
"status": "affected",
"version": "3.10.10S"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.6bS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.0aE"
},
{
"status": "affected",
"version": "3.6.0bE"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.7aE"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.6.9aE"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.0aS"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0bS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.4gS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4cS"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.4eS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.5aS"
},
{
"status": "affected",
"version": "3.16.5bS"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.1.1"
},
{
"status": "affected",
"version": "16.1.2"
},
{
"status": "affected",
"version": "16.1.3"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.5b"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1gSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.1hSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.1iSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "3.9.2bE"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.0cE"
}
]
}
],
"datePublic": "2019-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T07:06:06",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190327 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert"
},
{
"name": "107619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107619"
}
],
"source": {
"advisory": "cisco-sa-20190327-pnp-cert",
"defect": [
[
"CSCvf36269",
"CSCvg01089"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
"ID": "CVE-2019-1748",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7.7S"
},
{
"version_affected": "=",
"version_value": "3.9.1S"
},
{
"version_affected": "=",
"version_value": "3.9.0S"
},
{
"version_affected": "=",
"version_value": "3.9.2S"
},
{
"version_affected": "=",
"version_value": "3.9.1aS"
},
{
"version_affected": "=",
"version_value": "3.9.0aS"
},
{
"version_affected": "=",
"version_value": "3.3.0SE"
},
{
"version_affected": "=",
"version_value": "3.3.1SE"
},
{
"version_affected": "=",
"version_value": "3.3.2SE"
},
{
"version_affected": "=",
"version_value": "3.3.3SE"
},
{
"version_affected": "=",
"version_value": "3.3.4SE"
},
{
"version_affected": "=",
"version_value": "3.3.5SE"
},
{
"version_affected": "=",
"version_value": "3.3.0XO"
},
{
"version_affected": "=",
"version_value": "3.3.1XO"
},
{
"version_affected": "=",
"version_value": "3.3.2XO"
},
{
"version_affected": "=",
"version_value": "3.5.0E"
},
{
"version_affected": "=",
"version_value": "3.5.1E"
},
{
"version_affected": "=",
"version_value": "3.5.2E"
},
{
"version_affected": "=",
"version_value": "3.5.3E"
},
{
"version_affected": "=",
"version_value": "3.10.0S"
},
{
"version_affected": "=",
"version_value": "3.10.1S"
},
{
"version_affected": "=",
"version_value": "3.10.2S"
},
{
"version_affected": "=",
"version_value": "3.10.3S"
},
{
"version_affected": "=",
"version_value": "3.10.4S"
},
{
"version_affected": "=",
"version_value": "3.10.5S"
},
{
"version_affected": "=",
"version_value": "3.10.6S"
},
{
"version_affected": "=",
"version_value": "3.10.2aS"
},
{
"version_affected": "=",
"version_value": "3.10.2tS"
},
{
"version_affected": "=",
"version_value": "3.10.7S"
},
{
"version_affected": "=",
"version_value": "3.10.8S"
},
{
"version_affected": "=",
"version_value": "3.10.8aS"
},
{
"version_affected": "=",
"version_value": "3.10.9S"
},
{
"version_affected": "=",
"version_value": "3.10.10S"
},
{
"version_affected": "=",
"version_value": "3.11.1S"
},
{
"version_affected": "=",
"version_value": "3.11.2S"
},
{
"version_affected": "=",
"version_value": "3.11.0S"
},
{
"version_affected": "=",
"version_value": "3.11.3S"
},
{
"version_affected": "=",
"version_value": "3.11.4S"
},
{
"version_affected": "=",
"version_value": "3.12.0S"
},
{
"version_affected": "=",
"version_value": "3.12.1S"
},
{
"version_affected": "=",
"version_value": "3.12.2S"
},
{
"version_affected": "=",
"version_value": "3.12.3S"
},
{
"version_affected": "=",
"version_value": "3.12.0aS"
},
{
"version_affected": "=",
"version_value": "3.12.4S"
},
{
"version_affected": "=",
"version_value": "3.13.0S"
},
{
"version_affected": "=",
"version_value": "3.13.1S"
},
{
"version_affected": "=",
"version_value": "3.13.2S"
},
{
"version_affected": "=",
"version_value": "3.13.3S"
},
{
"version_affected": "=",
"version_value": "3.13.4S"
},
{
"version_affected": "=",
"version_value": "3.13.5S"
},
{
"version_affected": "=",
"version_value": "3.13.2aS"
},
{
"version_affected": "=",
"version_value": "3.13.0aS"
},
{
"version_affected": "=",
"version_value": "3.13.5aS"
},
{
"version_affected": "=",
"version_value": "3.13.6S"
},
{
"version_affected": "=",
"version_value": "3.13.7S"
},
{
"version_affected": "=",
"version_value": "3.13.6aS"
},
{
"version_affected": "=",
"version_value": "3.13.6bS"
},
{
"version_affected": "=",
"version_value": "3.13.7aS"
},
{
"version_affected": "=",
"version_value": "3.13.8S"
},
{
"version_affected": "=",
"version_value": "3.13.9S"
},
{
"version_affected": "=",
"version_value": "3.6.0E"
},
{
"version_affected": "=",
"version_value": "3.6.1E"
},
{
"version_affected": "=",
"version_value": "3.6.0aE"
},
{
"version_affected": "=",
"version_value": "3.6.0bE"
},
{
"version_affected": "=",
"version_value": "3.6.2aE"
},
{
"version_affected": "=",
"version_value": "3.6.2E"
},
{
"version_affected": "=",
"version_value": "3.6.3E"
},
{
"version_affected": "=",
"version_value": "3.6.4E"
},
{
"version_affected": "=",
"version_value": "3.6.5E"
},
{
"version_affected": "=",
"version_value": "3.6.6E"
},
{
"version_affected": "=",
"version_value": "3.6.5aE"
},
{
"version_affected": "=",
"version_value": "3.6.5bE"
},
{
"version_affected": "=",
"version_value": "3.6.7E"
},
{
"version_affected": "=",
"version_value": "3.6.7aE"
},
{
"version_affected": "=",
"version_value": "3.6.7bE"
},
{
"version_affected": "=",
"version_value": "3.6.9E"
},
{
"version_affected": "=",
"version_value": "3.6.10E"
},
{
"version_affected": "=",
"version_value": "3.6.9aE"
},
{
"version_affected": "=",
"version_value": "3.14.0S"
},
{
"version_affected": "=",
"version_value": "3.14.1S"
},
{
"version_affected": "=",
"version_value": "3.14.2S"
},
{
"version_affected": "=",
"version_value": "3.14.3S"
},
{
"version_affected": "=",
"version_value": "3.14.4S"
},
{
"version_affected": "=",
"version_value": "3.15.0S"
},
{
"version_affected": "=",
"version_value": "3.15.1S"
},
{
"version_affected": "=",
"version_value": "3.15.2S"
},
{
"version_affected": "=",
"version_value": "3.15.1cS"
},
{
"version_affected": "=",
"version_value": "3.15.3S"
},
{
"version_affected": "=",
"version_value": "3.15.4S"
},
{
"version_affected": "=",
"version_value": "3.7.0E"
},
{
"version_affected": "=",
"version_value": "3.7.1E"
},
{
"version_affected": "=",
"version_value": "3.7.2E"
},
{
"version_affected": "=",
"version_value": "3.7.3E"
},
{
"version_affected": "=",
"version_value": "3.7.4E"
},
{
"version_affected": "=",
"version_value": "3.7.5E"
},
{
"version_affected": "=",
"version_value": "3.16.0S"
},
{
"version_affected": "=",
"version_value": "3.16.1S"
},
{
"version_affected": "=",
"version_value": "3.16.0aS"
},
{
"version_affected": "=",
"version_value": "3.16.1aS"
},
{
"version_affected": "=",
"version_value": "3.16.2S"
},
{
"version_affected": "=",
"version_value": "3.16.2aS"
},
{
"version_affected": "=",
"version_value": "3.16.0bS"
},
{
"version_affected": "=",
"version_value": "3.16.0cS"
},
{
"version_affected": "=",
"version_value": "3.16.3S"
},
{
"version_affected": "=",
"version_value": "3.16.2bS"
},
{
"version_affected": "=",
"version_value": "3.16.3aS"
},
{
"version_affected": "=",
"version_value": "3.16.4S"
},
{
"version_affected": "=",
"version_value": "3.16.4aS"
},
{
"version_affected": "=",
"version_value": "3.16.4bS"
},
{
"version_affected": "=",
"version_value": "3.16.4gS"
},
{
"version_affected": "=",
"version_value": "3.16.5S"
},
{
"version_affected": "=",
"version_value": "3.16.4cS"
},
{
"version_affected": "=",
"version_value": "3.16.4dS"
},
{
"version_affected": "=",
"version_value": "3.16.4eS"
},
{
"version_affected": "=",
"version_value": "3.16.6S"
},
{
"version_affected": "=",
"version_value": "3.16.5aS"
},
{
"version_affected": "=",
"version_value": "3.16.5bS"
},
{
"version_affected": "=",
"version_value": "3.16.7S"
},
{
"version_affected": "=",
"version_value": "3.16.6bS"
},
{
"version_affected": "=",
"version_value": "3.16.7aS"
},
{
"version_affected": "=",
"version_value": "3.17.0S"
},
{
"version_affected": "=",
"version_value": "3.17.1S"
},
{
"version_affected": "=",
"version_value": "3.17.2S"
},
{
"version_affected": "=",
"version_value": "3.17.1aS"
},
{
"version_affected": "=",
"version_value": "3.17.3S"
},
{
"version_affected": "=",
"version_value": "3.17.4S"
},
{
"version_affected": "=",
"version_value": "16.1.1"
},
{
"version_affected": "=",
"version_value": "16.1.2"
},
{
"version_affected": "=",
"version_value": "16.1.3"
},
{
"version_affected": "=",
"version_value": "16.2.1"
},
{
"version_affected": "=",
"version_value": "16.2.2"
},
{
"version_affected": "=",
"version_value": "3.8.0E"
},
{
"version_affected": "=",
"version_value": "3.8.1E"
},
{
"version_affected": "=",
"version_value": "3.8.2E"
},
{
"version_affected": "=",
"version_value": "3.8.3E"
},
{
"version_affected": "=",
"version_value": "3.8.4E"
},
{
"version_affected": "=",
"version_value": "3.8.5E"
},
{
"version_affected": "=",
"version_value": "3.8.5aE"
},
{
"version_affected": "=",
"version_value": "3.8.6E"
},
{
"version_affected": "=",
"version_value": "16.3.1"
},
{
"version_affected": "=",
"version_value": "16.3.2"
},
{
"version_affected": "=",
"version_value": "16.3.3"
},
{
"version_affected": "=",
"version_value": "16.3.1a"
},
{
"version_affected": "=",
"version_value": "16.3.4"
},
{
"version_affected": "=",
"version_value": "16.3.5"
},
{
"version_affected": "=",
"version_value": "16.3.5b"
},
{
"version_affected": "=",
"version_value": "16.4.1"
},
{
"version_affected": "=",
"version_value": "16.4.2"
},
{
"version_affected": "=",
"version_value": "16.4.3"
},
{
"version_affected": "=",
"version_value": "16.5.1"
},
{
"version_affected": "=",
"version_value": "16.5.1a"
},
{
"version_affected": "=",
"version_value": "16.5.1b"
},
{
"version_affected": "=",
"version_value": "16.5.2"
},
{
"version_affected": "=",
"version_value": "3.18.0aS"
},
{
"version_affected": "=",
"version_value": "3.18.0S"
},
{
"version_affected": "=",
"version_value": "3.18.1S"
},
{
"version_affected": "=",
"version_value": "3.18.2S"
},
{
"version_affected": "=",
"version_value": "3.18.3S"
},
{
"version_affected": "=",
"version_value": "3.18.4S"
},
{
"version_affected": "=",
"version_value": "3.18.0SP"
},
{
"version_affected": "=",
"version_value": "3.18.1SP"
},
{
"version_affected": "=",
"version_value": "3.18.1aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1gSP"
},
{
"version_affected": "=",
"version_value": "3.18.1bSP"
},
{
"version_affected": "=",
"version_value": "3.18.1cSP"
},
{
"version_affected": "=",
"version_value": "3.18.2SP"
},
{
"version_affected": "=",
"version_value": "3.18.1hSP"
},
{
"version_affected": "=",
"version_value": "3.18.2aSP"
},
{
"version_affected": "=",
"version_value": "3.18.1iSP"
},
{
"version_affected": "=",
"version_value": "3.18.3SP"
},
{
"version_affected": "=",
"version_value": "3.18.4SP"
},
{
"version_affected": "=",
"version_value": "3.18.3aSP"
},
{
"version_affected": "=",
"version_value": "3.18.3bSP"
},
{
"version_affected": "=",
"version_value": "3.18.5SP"
},
{
"version_affected": "=",
"version_value": "3.9.0E"
},
{
"version_affected": "=",
"version_value": "3.9.1E"
},
{
"version_affected": "=",
"version_value": "3.9.2E"
},
{
"version_affected": "=",
"version_value": "3.9.2bE"
},
{
"version_affected": "=",
"version_value": "16.6.1"
},
{
"version_affected": "=",
"version_value": "16.6.2"
},
{
"version_affected": "=",
"version_value": "3.10.0E"
},
{
"version_affected": "=",
"version_value": "3.10.0cE"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190327 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert"
},
{
"name": "107619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107619"
}
]
},
"source": {
"advisory": "cisco-sa-20190327-pnp-cert",
"defect": [
[
"CSCvf36269",
"CSCvg01089"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1748",
"datePublished": "2019-03-27T23:50:13.064650Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-09-17T02:02:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…