CVE-2019-1748
7.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IOS and IOS XE Software | 3.7.7S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.1aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.0aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.0SE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.1SE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.2SE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.3SE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.4SE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.5SE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.0XO | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.1XO | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.3.2XO | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.5.0E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.5.1E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.5.2E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.5.3E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.5S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.6S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.2aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.2tS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.7S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.8S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.8aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.9S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.10S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.11.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.11.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.11.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.11.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.11.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.12.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.12.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.12.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.12.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.12.0aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.12.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.5S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.2aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.0aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.5aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.6S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.7S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.6aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.6bS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.7aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.8S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.13.9S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.0E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.1E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.0aE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.0bE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.2aE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.2E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.3E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.4E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.5E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.6E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.5aE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.5bE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.7E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.7aE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.7bE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.9E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.10E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.6.9aE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.14.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.14.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.14.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.14.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.14.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.15.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.15.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.15.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.15.1cS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.15.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.15.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.7.0E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.7.1E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.7.2E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.7.3E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.7.4E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.7.5E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.0aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.1aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.2aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.0bS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.0cS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.2bS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.3aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.4aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.4bS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.4gS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.5S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.4cS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.4dS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.4eS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.6S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.5aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.5bS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.7S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.6bS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.16.7aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.17.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.17.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.17.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.17.1aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.17.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.17.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.1.1 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.1.2 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.1.3 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.2.1 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.2.2 | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.0E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.1E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.2E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.3E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.4E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.5E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.5aE | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.8.6E | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.3.1 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.3.2 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.3.3 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.3.1a | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.3.4 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.3.5 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.3.5b | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.4.1 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.4.2 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.4.3 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.5.1 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.5.1a | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.5.1b | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.5.2 | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.0aS | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.0S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.2S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.3S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.4S | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.0SP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1SP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1aSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1gSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1bSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1cSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.2SP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1hSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.2aSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.1iSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.3SP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.4SP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.3aSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.3bSP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.18.5SP | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.0E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.1E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.2E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.9.2bE | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.6.1 | affected |
| Cisco | Cisco IOS and IOS XE Software | 16.6.2 | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.0E | affected |
| Cisco | Cisco IOS and IOS XE Software | 3.10.0cE | affected |
Weaknesses
- CWE-295: CWE-295
ADP Enrichment
CVE Program Container
Additional References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert
- http://www.securityfocus.com/bid/107619
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert
- http://www.securityfocus.com/bid/107619
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.