CVE-2019-12650 - OpenCVE

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	1100-4p Integrated Services Router 1100-8p Integrated Services Router 1101-4p Integrated Services Router 1109-2p Integrated Services Router 1109-4p Integrated Services Router 1111x-8p Integrated Services Router Asr 1001-x Asr 1002-hx Asr 1006-x Asr 1009-x Catalyst 3650-12x48uq Catalyst 3650-12x48ur Catalyst 3650-12x48uz Catalyst 3650-24pd Catalyst 3650-24pdm Catalyst 3650-48fq Catalyst 3650-48fqm Catalyst 3650-8x24uq Catalyst 3850-12x48u Catalyst 3850-24u Catalyst 3850-24xs Catalyst 3850-24xu Catalyst 3850-48u Catalyst 3850-48xs Catalyst 3850-nm-2-40g Catalyst 3850-nm-8-10g Catalyst 9800-40 Catalyst 9800-80 Catalyst 9800-cl Catalyst 9800-l Catalyst 9800-l-c Catalyst 9800-l-f Catalyst C9200-24p Catalyst C9200-24t Catalyst C9200-48p Catalyst C9200-48t Catalyst C9200l-24p-4g Catalyst C9200l-24p-4x Catalyst C9200l-24pxg-2y Catalyst C9200l-24pxg-4x Catalyst C9200l-24t-4g Catalyst C9200l-24t-4x Catalyst C9200l-48p-4g Catalyst C9200l-48p-4x Catalyst C9200l-48pxg-2y Catalyst C9200l-48pxg-4x Catalyst C9200l-48t-4g Catalyst C9200l-48t-4x Catalyst C9300-24p Catalyst C9300-24s Catalyst C9300-24t Catalyst C9300-24u Catalyst C9300-24ux Catalyst C9300-48p Catalyst C9300-48s Catalyst C9300-48t Catalyst C9300-48u Catalyst C9300-48un Catalyst C9300-48uxm Catalyst C9300l-24p-4g Catalyst C9300l-24p-4x Catalyst C9300l-24t-4g Catalyst C9300l-24t-4x Catalyst C9300l-48p-4g Catalyst C9300l-48p-4x Catalyst C9300l-48t-4g Catalyst C9300l-48t-4x Catalyst C9500-12q Catalyst C9500-16x Catalyst C9500-24q Catalyst C9500-24y4c Catalyst C9500-32c Catalyst C9500-32qc Catalyst C9500-40x Catalyst C9500-48y4c Cloud Services Router 1000v Integrated Services Virtual Router Ios Ios Xe

Configuration 1 [-]

cpe:2.3:o:cisco:ios:16.11.1:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-12x48uq:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-12x48ur:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-12x48uz:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-24pd:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-24pdm:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-48fq:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-48fqm:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-8x24uq:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-12x48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-24xs:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-24xu:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-48xs:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-nm-2-40g:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-nm-8-10g:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
cpe:2.3:h:cisco:integrated_services_virtual_router:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_3650-12x48uq:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-12x48ur:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-12x48uz:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-24pd:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-24pdm:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-48fq:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-48fqm:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650-8x24uq:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-12x48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-24xs:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-24xu:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-48xs:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-nm-2-40g:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850-nm-8-10g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
	cpe:2.3:h:cisco:cloud_services_router_1000v:-:::::::*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-09-25T20:05:12.419865Z

Updated: 2024-09-17T04:14:55.997Z

Reserved: 2019-06-04T00:00:00

Link: CVE-2019-12650

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-25T20:15:10.650

Modified: 2023-05-22T18:57:24.750

Link: CVE-2019-12650

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object