CVE-2019-1753

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.

Published : 2019-03-28 00:29 Updated : 2019-10-09 23:47

CVSS

There is no CVSS for this CVE.
Vendor Product Version URI
Cisco Ios Xe 3.2.0ja cpe:/o:cisco:ios_xe:3.2.0ja
Cisco Ios Xe 3.6.10e cpe:/o:cisco:ios_xe:3.6.10e
Cisco Ios Xe 16.6.1 cpe:/o:cisco:ios_xe:16.6.1
Cisco Ios Xe 16.6.2 cpe:/o:cisco:ios_xe:16.6.2
Cisco Ios Xe 16.6.3 cpe:/o:cisco:ios_xe:16.6.3
Cisco Ios Xe 16.7.1 cpe:/o:cisco:ios_xe:16.7.1
Cisco Ios Xe 16.7.1a cpe:/o:cisco:ios_xe:16.7.1a
Cisco Ios Xe 16.7.1b cpe:/o:cisco:ios_xe:16.7.1b
Cisco Ios Xe 16.8.1 cpe:/o:cisco:ios_xe:16.8.1
Cisco Ios Xe 16.8.1a cpe:/o:cisco:ios_xe:16.8.1a
Cisco Ios Xe 16.8.1b cpe:/o:cisco:ios_xe:16.8.1b
Cisco Ios Xe 16.8.1c cpe:/o:cisco:ios_xe:16.8.1c
Cisco Ios Xe 16.8.1d cpe:/o:cisco:ios_xe:16.8.1d
Cisco Ios Xe 16.8.1e cpe:/o:cisco:ios_xe:16.8.1e
Cisco Ios Xe 16.8.1s cpe:/o:cisco:ios_xe:16.8.1s
  1. Cisco (1) Search CVE
    1. Ios Xe (15) Search CVE
      1. 3.2.0ja
      2. 3.6.10e
      3. 16.6.1
      4. 16.6.2
      5. 16.6.3
      6. 16.7.1
      7. 16.7.1a
      8. 16.7.1b
      9. 16.8.1
      10. 16.8.1a
      11. 16.8.1b
      12. 16.8.1c
      13. 16.8.1d
      14. 16.8.1e
      15. 16.8.1s

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-09 23:47

New CVE