CWE: 287, 285

CVE-2019-1842: Cisco IOS XR Software Secure Shell Authentication Vulnerability

First published: Wed Jun 05 2019

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.

Credit: ykramarz@cisco.com

Affected Software | Affected Version | How to fix
Cisco Ios Xr Firmware | =6.1.2.tools |
Cisco Ios Xr Firmware | =6.1.3.tools |
Cisco Ios Xr Firmware | =6.2.3.tools |
Cisco Ios Xr Firmware | =6.4.2.tools |
Cisco Asr 9001
Cisco Asr 9006
Cisco Asr 9010
Cisco Asr 9901
Cisco Asr 9904
Cisco Asr 9906
Cisco Asr 9910
Cisco Asr 9912
Cisco Asr 9922
Cisco Crs-1 16-slot Line Card Chassis
Cisco Crs-1 16-slot Single-shelf System
Cisco Crs-1 4-slot Single-shelf System
Cisco Crs-1 8-slot Line Card Chassis
Cisco Crs-1 8-slot Single-shelf System
Cisco Crs-1 Fabric Card Chassis
Cisco Crs-1 Line Card Chassis (dual)
Cisco Crs-1 Line Card Chassis (multi)
Cisco Crs-1 Multishelf System
Cisco Crs-3 16-slot Single-shelf System
Cisco Crs-3 4-slot Single-shelf System
Cisco Crs-3 8-slot Single-shelf System
Cisco Crs-3 Multishelf System
Cisco Crs-8/s-b Crs
Cisco Crs-8/scrs
Cisco Crs-x 16-slot Single-shelf System
Cisco Crs-x Multishelf System
Cisco Ncs 6008-8-slot Chassis
Cisco Network Convergence System 5508

Frequently Asked Questions

  • What is CVE-2019-1842?

    CVE-2019-1842 is a vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software.

  • How does CVE-2019-1842 allow an attacker to log in to an affected device?

    CVE-2019-1842 allows an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames.

  • What is the severity of CVE-2019-1842?

    The severity of CVE-2019-1842 is medium with a CVSS score of 5.4.

  • What is the affected software for CVE-2019-1842?

    The affected software for CVE-2019-1842 includes Cisco IOS XR Firmware versions 6.1.2.tools, 6.1.3.tools, 6.2.3.tools, and 6.4.2.tools.

  • How can I fix CVE-2019-1842?

    To fix CVE-2019-1842, apply the necessary patches and updates provided by Cisco.