What is the severity of CVE-2019-1759?

The severity of CVE-2019-1759 is rated as critical due to its potential to allow unauthenticated remote attackers to access sensitive parts of the network.

How do I fix CVE-2019-1759?

To fix CVE-2019-1759, it is recommended to apply the latest software updates provided by Cisco for affected versions of IOS XE.

Which versions of Cisco IOS XE are affected by CVE-2019-1759?

CVE-2019-1759 affects multiple versions of Cisco IOS XE, including versions from 3.2.0ja to 16.9.2.

What impact does CVE-2019-1759 have on my network security?

CVE-2019-1759 can impact network security by allowing unauthorized access to management interfaces, potentially compromising network devices.

Is there a workaround for CVE-2019-1759 if a patch cannot be immediately applied?

Yes, as a workaround for CVE-2019-1759, network administrators can enforce strong ACLs to restrict access to the management interfaces until a patch can be applied.

Vulnerability/
CVE-2019-1759

medium

5.3

CWE

287 284

28/3/2019

21/11/2024

CVE-2019-1759: Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability

First published: Thu Mar 28 2019(Updated: )

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE Software	=3.2.0ja
Cisco IOS XE Software	=16.2.1
Cisco IOS XE Software	=16.2.2
Cisco IOS XE Software	=16.3.1
Cisco IOS XE Software	=16.3.1a
Cisco IOS XE Software	=16.3.2
Cisco IOS XE Software	=16.3.3
Cisco IOS XE Software	=16.3.4
Cisco IOS XE Software	=16.3.5
Cisco IOS XE Software	=16.3.5b
Cisco IOS XE Software	=16.3.6
Cisco IOS XE Software	=16.3.7
Cisco IOS XE Software	=16.4.1
Cisco IOS XE Software	=16.4.2
Cisco IOS XE Software	=16.4.3
Cisco IOS XE Software	=16.5.1
Cisco IOS XE Software	=16.5.1a
Cisco IOS XE Software	=16.5.1b
Cisco IOS XE Software	=16.5.2
Cisco IOS XE Software	=16.5.3
Cisco IOS XE Software	=16.6.1
Cisco IOS XE Software	=16.6.2
Cisco IOS XE Software	=16.6.3
Cisco IOS XE Software	=16.6.4
Cisco IOS XE Software	=16.6.4a
Cisco IOS XE Software	=16.6.4s
Cisco IOS XE Software	=16.7.1
Cisco IOS XE Software	=16.7.1a
Cisco IOS XE Software	=16.7.1b
Cisco IOS XE Software	=16.7.2
Cisco IOS XE Software	=16.8.1
Cisco IOS XE Software	=16.8.1a
Cisco IOS XE Software	=16.8.1b
Cisco IOS XE Software	=16.8.1c
Cisco IOS XE Software	=16.8.1d
Cisco IOS XE Software	=16.8.1e
Cisco IOS XE Software	=16.8.1s
Cisco IOS XE Software	=16.8.2
Cisco IOS XE Software	=16.9.1
Cisco IOS XE Software	=16.9.1a
Cisco IOS XE Software	=16.9.1b
Cisco IOS XE Software	=16.9.1c
Cisco IOS XE Software	=16.9.1d
Cisco IOS XE Software	=16.9.1s
Cisco IOS XE Software	=16.9.2

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-mgmtacl

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-1759?
The severity of CVE-2019-1759 is rated as critical due to its potential to allow unauthenticated remote attackers to access sensitive parts of the network.
How do I fix CVE-2019-1759?
To fix CVE-2019-1759, it is recommended to apply the latest software updates provided by Cisco for affected versions of IOS XE.
Which versions of Cisco IOS XE are affected by CVE-2019-1759?
CVE-2019-1759 affects multiple versions of Cisco IOS XE, including versions from 3.2.0ja to 16.9.2.
What impact does CVE-2019-1759 have on my network security?
CVE-2019-1759 can impact network security by allowing unauthorized access to management interfaces, potentially compromising network devices.
Is there a workaround for CVE-2019-1759 if a patch cannot be immediately applied?
Yes, as a workaround for CVE-2019-1759, network administrators can enforce strong ACLs to restrict access to the management interfaces until a patch can be applied.

agent/weakness
agent/references
agent/type
agent/title
agent/remedy
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/author
agent/last-modified-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/cisco
canonical/cisco ios xe
version/cisco ios xe/3.2.0ja
version/cisco ios xe/16.2.1
version/cisco ios xe/16.2.2
version/cisco ios xe/16.3.1
version/cisco ios xe/16.3.1a
version/cisco ios xe/16.3.2
version/cisco ios xe/16.3.3
version/cisco ios xe/16.3.4
version/cisco ios xe/16.3.5
version/cisco ios xe/16.3.5b
version/cisco ios xe/16.3.6
version/cisco ios xe/16.3.7
version/cisco ios xe/16.4.1
version/cisco ios xe/16.4.2
version/cisco ios xe/16.4.3
version/cisco ios xe/16.5.1
version/cisco ios xe/16.5.1a
version/cisco ios xe/16.5.1b
version/cisco ios xe/16.5.2
version/cisco ios xe/16.5.3
version/cisco ios xe/16.6.1
version/cisco ios xe/16.6.2
version/cisco ios xe/16.6.3
version/cisco ios xe/16.6.4
version/cisco ios xe/16.6.4a
version/cisco ios xe/16.6.4s
version/cisco ios xe/16.7.1
version/cisco ios xe/16.7.1a
version/cisco ios xe/16.7.1b
version/cisco ios xe/16.7.2
version/cisco ios xe/16.8.1
version/cisco ios xe/16.8.1a
version/cisco ios xe/16.8.1b
version/cisco ios xe/16.8.1c
version/cisco ios xe/16.8.1d
version/cisco ios xe/16.8.1e
version/cisco ios xe/16.8.1s
version/cisco ios xe/16.8.2
version/cisco ios xe/16.9.1
version/cisco ios xe/16.9.1a
version/cisco ios xe/16.9.1b
version/cisco ios xe/16.9.1c
version/cisco ios xe/16.9.1d
version/cisco ios xe/16.9.1s
version/cisco ios xe/16.9.2