A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.

Published : 2019-03-28 01:29 Updated : 2019-10-09 23:48


There is no CVSS for this CVE.
Vendor Product Version URI
Cisco Ios 12.2%286%29i1 cpe:/o:cisco:ios:12.2%286%29i1
Cisco Ios 15.1%282%29sg8a cpe:/o:cisco:ios:15.1%282%29sg8a
Cisco Ios 15.1%283%29svg3d cpe:/o:cisco:ios:15.1%283%29svg3d
Cisco Ios 15.1%283%29svi1b cpe:/o:cisco:ios:15.1%283%29svi1b
Cisco Ios 15.1%283%29svm3 cpe:/o:cisco:ios:15.1%283%29svm3
Cisco Ios 15.1%283%29svn2 cpe:/o:cisco:ios:15.1%283%29svn2
Cisco Ios 15.1%283%29svo1 cpe:/o:cisco:ios:15.1%283%29svo1
Cisco Ios 15.1%283%29svo2 cpe:/o:cisco:ios:15.1%283%29svo2
Cisco Ios 15.1%283%29svp1 cpe:/o:cisco:ios:15.1%283%29svp1
Cisco Ios 15.1%284%29m12c cpe:/o:cisco:ios:15.1%284%29m12c
Cisco Ios 15.2%283%29ea1 cpe:/o:cisco:ios:15.2%283%29ea1
Cisco Ios 15.2%284%29jn1 cpe:/o:cisco:ios:15.2%284%29jn1
Cisco Ios 15.2%284a%29ea5 cpe:/o:cisco:ios:15.2%284a%29ea5
Cisco Ios 15.3%283%29ja1n cpe:/o:cisco:ios:15.3%283%29ja1n
Cisco Ios 15.3%283%29jf35 cpe:/o:cisco:ios:15.3%283%29jf35
Cisco Ios 15.3%283%29ji2 cpe:/o:cisco:ios:15.3%283%29ji2
Cisco Ios 15.3%283%29jn1 cpe:/o:cisco:ios:15.3%283%29jn1
Cisco Ios 15.3%283%29jn2 cpe:/o:cisco:ios:15.3%283%29jn2
Cisco Ios 15.6%282%29sp3b cpe:/o:cisco:ios:15.6%282%29sp3b
Cisco Ios 15.6%283%29m1 cpe:/o:cisco:ios:15.6%283%29m1
Cisco Ios 15.6%283%29m1a cpe:/o:cisco:ios:15.6%283%29m1a
Cisco Ios 15.6%283%29m1b cpe:/o:cisco:ios:15.6%283%29m1b
Cisco Ios 15.6%283%29m2 cpe:/o:cisco:ios:15.6%283%29m2
Cisco Ios 15.6%283%29m2a cpe:/o:cisco:ios:15.6%283%29m2a
Cisco Ios 15.6%283%29m3 cpe:/o:cisco:ios:15.6%283%29m3
Cisco Ios 15.6%283%29m3a cpe:/o:cisco:ios:15.6%283%29m3a
Cisco Ios 15.6%283%29m4 cpe:/o:cisco:ios:15.6%283%29m4
Cisco Ios 15.6%283.1%29m cpe:/o:cisco:ios:15.6%283.1%29m
Cisco Ios 15.7%283%29m cpe:/o:cisco:ios:15.7%283%29m
Cisco Ios 15.7%283%29m0a cpe:/o:cisco:ios:15.7%283%29m0a
Cisco Ios 15.7%283%29m1 cpe:/o:cisco:ios:15.7%283%29m1
Cisco Ios Xe 16.6.1 cpe:/o:cisco:ios_xe:16.6.1
Cisco Ios Xe 16.6.2 cpe:/o:cisco:ios_xe:16.6.2
Cisco Ios Xe 16.6.3 cpe:/o:cisco:ios_xe:16.6.3
Cisco Ios Xe 16.6.4 cpe:/o:cisco:ios_xe:16.6.4
Cisco Ios Xe 16.6.4a cpe:/o:cisco:ios_xe:16.6.4a
Cisco Ios Xe 16.6.4s cpe:/o:cisco:ios_xe:16.6.4s
Cisco Ios Xe 16.7.1 cpe:/o:cisco:ios_xe:16.7.1
Cisco Ios Xe 16.7.1a cpe:/o:cisco:ios_xe:16.7.1a
Cisco Ios Xe 16.7.1b cpe:/o:cisco:ios_xe:16.7.1b
Cisco Ios Xe 16.7.2 cpe:/o:cisco:ios_xe:16.7.2
Cisco Ios Xe 16.7.3 cpe:/o:cisco:ios_xe:16.7.3
Cisco Ios Xe 16.7.4 cpe:/o:cisco:ios_xe:16.7.4
Cisco Ios Xe 16.8.1 cpe:/o:cisco:ios_xe:16.8.1
Cisco Ios Xe 16.8.1a cpe:/o:cisco:ios_xe:16.8.1a
Cisco Ios Xe 16.8.1b cpe:/o:cisco:ios_xe:16.8.1b
Cisco Ios Xe 16.8.1c cpe:/o:cisco:ios_xe:16.8.1c
Cisco Ios Xe 16.8.1d cpe:/o:cisco:ios_xe:16.8.1d
Cisco Ios Xe 16.8.1e cpe:/o:cisco:ios_xe:16.8.1e
Cisco Ios Xe 16.8.1s cpe:/o:cisco:ios_xe:16.8.1s
Cisco Ios Xe 16.8.2 cpe:/o:cisco:ios_xe:16.8.2
Cisco Ios Xe 16.9.1 cpe:/o:cisco:ios_xe:16.9.1
Cisco Ios Xe 16.9.1a cpe:/o:cisco:ios_xe:16.9.1a
Cisco Ios Xe 16.9.1b cpe:/o:cisco:ios_xe:16.9.1b
Cisco Ios Xe 16.9.1c cpe:/o:cisco:ios_xe:16.9.1c
Cisco Ios Xe 16.9.1d cpe:/o:cisco:ios_xe:16.9.1d
Cisco Ios Xe 16.9.1s cpe:/o:cisco:ios_xe:16.9.1s
Cisco Ios Xe 16.9.2 cpe:/o:cisco:ios_xe:16.9.2
Cisco Ios Xe 16.9.2a cpe:/o:cisco:ios_xe:16.9.2a
  1. Cisco (2) Search CVE
    1. Ios Xe (28) Search CVE
      1. 16.6.1
      2. 16.6.2
      3. 16.6.3
      4. 16.6.4
      5. 16.6.4a
      6. 16.6.4s
      7. 16.7.1
      8. 16.7.1a
      9. 16.7.1b
      10. 16.7.2
      11. 16.7.3
      12. 16.7.4
      13. 16.8.1
      14. 16.8.1a
      15. 16.8.1b
      16. 16.8.1c
      17. 16.8.1d
      18. 16.8.1e
      19. 16.8.1s
      20. 16.8.2
      21. 16.9.1
      22. 16.9.1a
      23. 16.9.1b
      24. 16.9.1c
      25. 16.9.1d
      26. 16.9.1s
      27. 16.9.2
      28. 16.9.2a
    2. Ios (31) Search CVE
      1. 12.2%286%29i1
      2. 15.1%282%29sg8a
      3. 15.1%283%29svg3d
      4. 15.1%283%29svi1b
      5. 15.1%283%29svm3
      6. 15.1%283%29svn2
      7. 15.1%283%29svo1
      8. 15.1%283%29svo2
      9. 15.1%283%29svp1
      10. 15.1%284%29m12c
      11. 15.2%283%29ea1
      12. 15.2%284%29jn1
      13. 15.2%284a%29ea5
      14. 15.3%283%29ja1n
      15. 15.3%283%29jf35
      16. 15.3%283%29ji2
      17. 15.3%283%29jn1
      18. 15.3%283%29jn2
      19. 15.6%282%29sp3b
      20. 15.6%283%29m1
      21. 15.6%283%29m1a
      22. 15.6%283%29m1b
      23. 15.6%283%29m2
      24. 15.6%283%29m2a
      25. 15.6%283%29m3
      26. 15.6%283%29m3a
      27. 15.6%283%29m4
      28. 15.6%283.1%29m
      29. 15.7%283%29m
      30. 15.7%283%29m0a
      31. 15.7%283%29m1


ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-10-09 23:48