CVE-2019-1762

Summary

A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS and IOS XE Software16.6.1affected
CiscoCisco IOS and IOS XE Software16.6.2affected
CiscoCisco IOS and IOS XE Software16.6.3affected
CiscoCisco IOS and IOS XE Software16.6.4affected
CiscoCisco IOS and IOS XE Software16.6.4saffected
CiscoCisco IOS and IOS XE Software16.6.4aaffected
CiscoCisco IOS and IOS XE Software16.7.1affected
CiscoCisco IOS and IOS XE Software16.7.1aaffected
CiscoCisco IOS and IOS XE Software16.7.1baffected
CiscoCisco IOS and IOS XE Software16.7.2affected
CiscoCisco IOS and IOS XE Software16.7.3affected
CiscoCisco IOS and IOS XE Software16.7.4affected
CiscoCisco IOS and IOS XE Software16.8.1affected
CiscoCisco IOS and IOS XE Software16.8.1aaffected
CiscoCisco IOS and IOS XE Software16.8.1baffected
CiscoCisco IOS and IOS XE Software16.8.1saffected
CiscoCisco IOS and IOS XE Software16.8.1caffected
CiscoCisco IOS and IOS XE Software16.8.1daffected
CiscoCisco IOS and IOS XE Software16.8.2affected
CiscoCisco IOS and IOS XE Software16.8.1eaffected
CiscoCisco IOS and IOS XE Software16.9.1affected
CiscoCisco IOS and IOS XE Software16.9.2affected
CiscoCisco IOS and IOS XE Software16.9.1aaffected
CiscoCisco IOS and IOS XE Software16.9.1baffected
CiscoCisco IOS and IOS XE Software16.9.1saffected
CiscoCisco IOS and IOS XE Software16.9.1caffected
CiscoCisco IOS and IOS XE Software16.9.1daffected
CiscoCisco IOS and IOS XE Software16.9.2aaffected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References