CVE-2019-1742: Cisco IOS XE Software Information Disclosure Vulnerability
First published: Wed Mar 27 2019(Updated: )
A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to gain access to sensitive configuration information.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Web UI | =3.2.0ja | |
| Cisco IOS XE Web UI | =16.3.1 | |
| Cisco IOS XE Web UI | =16.3.1a | |
| Cisco IOS XE Web UI | =16.3.2 | |
| Cisco IOS XE Web UI | =16.3.3 | |
| Cisco IOS XE Web UI | =16.3.4 | |
| Cisco IOS XE Web UI | =16.3.5 | |
| Cisco IOS XE Web UI | =16.3.5b | |
| Cisco IOS XE Web UI | =16.3.6 | |
| Cisco IOS XE Web UI | =16.4.1 | |
| Cisco IOS XE Web UI | =16.4.2 | |
| Cisco IOS XE Web UI | =16.4.3 | |
| Cisco IOS XE Web UI | =16.5.1 | |
| Cisco IOS XE Web UI | =16.5.1a | |
| Cisco IOS XE Web UI | =16.5.1b | |
| Cisco IOS XE Web UI | =16.5.2 | |
| Cisco IOS XE Web UI | =16.5.3 | |
| Cisco IOS XE Web UI | =16.6.1 | |
| Cisco IOS XE Web UI | =16.6.2 | |
| Cisco IOS XE Web UI | =16.6.3 | |
| Cisco IOS XE Web UI | =16.7.1 | |
| Cisco IOS XE Web UI | =16.7.1a | |
| Cisco IOS XE Web UI | =16.7.1b |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-1742?
CVE-2019-1742 has a medium severity rating due to improper access control in the web UI.
How do I fix CVE-2019-1742?
To fix CVE-2019-1742, you should update your Cisco IOS XE software to the latest patched version.
What type of attack can exploit CVE-2019-1742?
CVE-2019-1742 can be exploited by unauthenticated remote attackers to access sensitive configuration information.
Which Cisco IOS XE versions are affected by CVE-2019-1742?
CVE-2019-1742 affects multiple versions of Cisco IOS XE including 3.2.0ja and 16.3.x through 16.7.x.
Is CVE-2019-1742 easy to exploit?
Yes, CVE-2019-1742 is considered easy to exploit due to inadequate access controls in the web UI.
- agent/references
- agent/type
- agent/title
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco ios xe web ui
- version/cisco ios xe web ui/3.2.0ja
- version/cisco ios xe web ui/16.3.1
- version/cisco ios xe web ui/16.3.1a
- version/cisco ios xe web ui/16.3.2
- version/cisco ios xe web ui/16.3.3
- version/cisco ios xe web ui/16.3.4
- version/cisco ios xe web ui/16.3.5
- version/cisco ios xe web ui/16.3.5b
- version/cisco ios xe web ui/16.3.6
- version/cisco ios xe web ui/16.4.1
- version/cisco ios xe web ui/16.4.2
- version/cisco ios xe web ui/16.4.3
- version/cisco ios xe web ui/16.5.1
- version/cisco ios xe web ui/16.5.1a
- version/cisco ios xe web ui/16.5.1b
- version/cisco ios xe web ui/16.5.2
- version/cisco ios xe web ui/16.5.3
- version/cisco ios xe web ui/16.6.1
- version/cisco ios xe web ui/16.6.2
- version/cisco ios xe web ui/16.6.3
- version/cisco ios xe web ui/16.7.1
- version/cisco ios xe web ui/16.7.1a
- version/cisco ios xe web ui/16.7.1b