vulnerability

Cisco IOS: CVE-2019-12648: Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	2019-09-26	2019-09-26	2023-03-03

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

2019-09-26

Added

2019-09-26

Modified

2023-03-03

Description

A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user.

Solution

cisco-ios-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today