CVE-2019-1759

Summary

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XE Software3.2.0JAaffected
CiscoCisco IOS XE Software16.2.1affected
CiscoCisco IOS XE Software16.2.2affected
CiscoCisco IOS XE Software16.3.1affected
CiscoCisco IOS XE Software16.3.2affected
CiscoCisco IOS XE Software16.3.3affected
CiscoCisco IOS XE Software16.3.1aaffected
CiscoCisco IOS XE Software16.3.4affected
CiscoCisco IOS XE Software16.3.5affected
CiscoCisco IOS XE Software16.3.5baffected
CiscoCisco IOS XE Software16.3.6affected
CiscoCisco IOS XE Software16.3.7affected
CiscoCisco IOS XE Software16.4.1affected
CiscoCisco IOS XE Software16.4.2affected
CiscoCisco IOS XE Software16.4.3affected
CiscoCisco IOS XE Software16.5.1affected
CiscoCisco IOS XE Software16.5.1aaffected
CiscoCisco IOS XE Software16.5.1baffected
CiscoCisco IOS XE Software16.5.2affected
CiscoCisco IOS XE Software16.5.3affected
CiscoCisco IOS XE Software16.6.1affected
CiscoCisco IOS XE Software16.6.2affected
CiscoCisco IOS XE Software16.6.3affected
CiscoCisco IOS XE Software16.6.4affected
CiscoCisco IOS XE Software16.6.4saffected
CiscoCisco IOS XE Software16.6.4aaffected
CiscoCisco IOS XE Software16.7.1affected
CiscoCisco IOS XE Software16.7.1aaffected
CiscoCisco IOS XE Software16.7.1baffected
CiscoCisco IOS XE Software16.7.2affected
CiscoCisco IOS XE Software16.8.1affected
CiscoCisco IOS XE Software16.8.1aaffected
CiscoCisco IOS XE Software16.8.1baffected
CiscoCisco IOS XE Software16.8.1saffected
CiscoCisco IOS XE Software16.8.1caffected
CiscoCisco IOS XE Software16.8.1daffected
CiscoCisco IOS XE Software16.8.2affected
CiscoCisco IOS XE Software16.8.1eaffected
CiscoCisco IOS XE Software16.9.1affected
CiscoCisco IOS XE Software16.9.2affected
CiscoCisco IOS XE Software16.9.1aaffected
CiscoCisco IOS XE Software16.9.1baffected
CiscoCisco IOS XE Software16.9.1saffected
CiscoCisco IOS XE Software16.9.1caffected
CiscoCisco IOS XE Software16.9.1daffected

Weaknesses

  • CWE-284: CWE-284

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References