{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "3.6.10E"}, {"status": "affected", "version": "16.1.1"}, {"status": "affected", "version": "16.1.2"}, {"status": "affected", "version": "16.1.3"}, {"status": "affected", "version": "3.2.0JA"}, {"status": "affected", "version": "16.2.1"}, {"status": "affected", "version": "16.2.2"}, {"status": "affected", "version": "16.3.1"}, {"status": "affected", "version": "16.3.2"}, {"status": "affected", "version": "16.3.3"}, {"status": "affected", "version": "16.3.1a"}, {"status": "affected", "version": "16.3.4"}, {"status": "affected", "version": "16.3.5"}, {"status": "affected", "version": "16.3.5b"}, {"status": "affected", "version": "16.3.6"}, {"status": "affected", "version": "16.3.7"}, {"status": "affected", "version": "16.3.8"}, {"status": "affected", "version": "16.4.1"}, {"status": "affected", "version": "16.4.2"}, {"status": "affected", "version": "16.4.3"}, {"status": "affected", "version": "16.5.1"}, {"status": "affected", "version": "16.5.1a"}, {"status": "affected", "version": "16.5.1b"}, {"status": "affected", "version": "16.5.2"}, {"status": "affected", "version": "16.5.3"}, {"status": "affected", "version": "16.6.1"}, {"status": "affected", "version": "16.6.2"}, {"status": "affected", "version": "16.6.3"}, {"status": "affected", "version": "16.7.1"}, {"status": "affected", "version": "16.7.1a"}, {"status": "affected", "version": "16.7.1b"}, {"status": "affected", "version": "16.8.1"}, {"status": "affected", "version": "16.8.1a"}, {"status": "affected", "version": "16.8.1b"}, {"status": "affected", "version": "16.8.1s"}, {"status": "affected", "version": "16.8.1c"}, {"status": "affected", "version": "16.8.1d"}, {"status": "affected", "version": "16.8.1e"}]}], "datePublic": "2019-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-28T07:06:20", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190327 Cisco IOS XE Software Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj"}, {"name": "107380", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107380"}], "source": {"advisory": "cisco-sa-20190327-iosxe-cmdinj", "defect": [["CSCvi36824", "CSCvi36824"]], "discovery": "INTERNAL"}, "title": "Cisco IOS XE Software Command Injection Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-03-27T16:00:00-0700", "ID": "CVE-2019-1755", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE Software Command Injection Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE Software", "version": {"version_data": [{"version_affected": "=", "version_value": "3.6.10E"}, {"version_affected": "=", "version_value": "16.1.1"}, {"version_affected": "=", "version_value": "16.1.2"}, {"version_affected": "=", "version_value": "16.1.3"}, {"version_affected": "=", "version_value": "3.2.0JA"}, {"version_affected": "=", "version_value": "16.2.1"}, {"version_affected": "=", "version_value": "16.2.2"}, {"version_affected": "=", "version_value": "16.3.1"}, {"version_affected": "=", "version_value": "16.3.2"}, {"version_affected": "=", "version_value": "16.3.3"}, {"version_affected": "=", "version_value": "16.3.1a"}, {"version_affected": "=", "version_value": "16.3.4"}, {"version_affected": "=", "version_value": "16.3.5"}, {"version_affected": "=", "version_value": "16.3.5b"}, {"version_affected": "=", "version_value": "16.3.6"}, {"version_affected": "=", "version_value": "16.3.7"}, {"version_affected": "=", "version_value": "16.3.8"}, {"version_affected": "=", "version_value": "16.4.1"}, {"version_affected": "=", "version_value": "16.4.2"}, {"version_affected": "=", "version_value": "16.4.3"}, {"version_affected": "=", "version_value": "16.5.1"}, {"version_affected": "=", "version_value": "16.5.1a"}, {"version_affected": "=", "version_value": "16.5.1b"}, {"version_affected": "=", "version_value": "16.5.2"}, {"version_affected": "=", "version_value": "16.5.3"}, {"version_affected": "=", "version_value": "16.6.1"}, {"version_affected": "=", "version_value": "16.6.2"}, {"version_affected": "=", "version_value": "16.6.3"}, {"version_affected": "=", "version_value": "16.7.1"}, {"version_affected": "=", "version_value": "16.7.1a"}, {"version_affected": "=", "version_value": "16.7.1b"}, {"version_affected": "=", "version_value": "16.8.1"}, {"version_affected": "=", "version_value": "16.8.1a"}, {"version_affected": "=", "version_value": "16.8.1b"}, {"version_affected": "=", "version_value": "16.8.1s"}, {"version_affected": "=", "version_value": "16.8.1c"}, {"version_affected": "=", "version_value": "16.8.1d"}, {"version_affected": "=", "version_value": "16.8.1e"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "6.5", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "20190327 Cisco IOS XE Software Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj"}, {"name": "107380", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107380"}]}, "source": {"advisory": "cisco-sa-20190327-iosxe-cmdinj", "defect": [["CSCvi36824", "CSCvi36824"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:28:42.244Z"}, "title": "CVE Program Container", "references": [{"name": "20190327 Cisco IOS XE Software Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj"}, {"name": "107380", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107380"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1755", "datePublished": "2019-03-28T00:15:22.236115Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T19:30:18.460Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:*", "matchCriteriaId": "52BC2A87-31EC-4E15-86E3-ECBEFA9E479A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.6.10e:*:*:*:*:*:*:*", "matchCriteriaId": "D92991EE-BB4A-499D-8F14-F7D0E32BE31E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ED5527C-A638-4E20-9928-099E32E17743", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A685A9A-235D-4D74-9D6C-AC49E75709CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "43052998-0A27-4E83-A884-A94701A3F4CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "89526731-B712-43D3-B451-D7FC503D2D65", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "302933FE-4B6A-48A3-97F0-4B943251B717", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "296636F1-9242-429B-8472-90352C056106", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*", "matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E8120196-8648-49D0-8262-CD4C9C90C37A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "33E7CCE2-C685-4019-9B55-B3BECB3E5F76", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*", "matchCriteriaId": "0699DD6E-BA74-4814-93AB-300329C9D032", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C2E2D781-2684-45F1-AC52-636572A0DCA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "479FB47B-AF2E-4FCB-8DE0-400BF325666C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "DF2B4C78-5C31-4F3D-9639-305E15576E79", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "77E8AF15-AB46-4EAB-8872-8C55E8601599", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "957318BE-55D4-4585-AA52-C813301D01C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8F11B703-8A0F-47ED-AA70-951FF78B94A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE7B2557-821D-4E05-B5C3-67192573D97D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*", "matchCriteriaId": "5EE6EC32-51E4-43A3-BFB9-A0D842D08E87", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*", "matchCriteriaId": "187F699A-AF2F-42B0-B855-27413140C384", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E0B905E-4D92-4FD6-B2FF-41FF1F59A948", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "62EDEC28-661E-42EF-88F0-F62D0220D2E5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F821EBD7-91E2-4460-BFAF-18482CF6CB8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E36D2D24-8F63-46DE-AC5F-8DE33332EBC6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "C9B825E6-5929-4890-BDBA-4CF4BD2314C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "623BF701-ADC9-4F24-93C5-043A6A7FEF5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*", "matchCriteriaId": "E5311FBE-12BF-41AC-B8C6-D86007834863", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*", "matchCriteriaId": "52FB055E-72F9-4CB7-A51D-BF096BD1A55D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "57D4F634-03D5-4D9F-901C-7E9CE45F2F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*", "matchCriteriaId": "4463A1D1-E169-4F0B-91B2-FA126BB444CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*", "matchCriteriaId": "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*", "matchCriteriaId": "CDD58C58-1B0C-4A71-8C02-F555CEF9C253", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*", "matchCriteriaId": "96852D16-AF50-4C70-B125-D2349E6765D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*", "matchCriteriaId": "A15B882A-BA60-4932-A55E-F4A798B30EEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*", "matchCriteriaId": "5C9C585C-A6EC-4385-B915-046C110BF95F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by submitting crafted HTTP requests to the targeted application. A successful exploit could allow the attacker to execute arbitrary commands on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n WSMA (Web Services Management Agent) del software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios de Cisco IOS como usuario con nivel 15 de privilegios. La vulnerabilidad ocurre debido a que el software afectado sanea incorrectamente las entradas proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones HTTP manipuladas a la aplicaci\u00f3n objetivo. Un exploit con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios en el dispositivo afectado."}], "id": "CVE-2019-1755", "lastModified": "2019-10-09T23:47:59.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2019-03-28T01:29:00.330", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107380"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-cmdinj"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}