CVE-2019-1742
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/03/2019
Last modified:
08/10/2020
Description
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page