vulnerability

Cisco XE: CVE-2019-1753: Cisco IOS XE Software Privilege Escalation Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Mar 28, 2019	Jul 30, 2019	Jan 5, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Mar 28, 2019

Added

Jul 30, 2019

Modified

Jan 5, 2024

Description

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device.

Solution

cisco-xe-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today