CVE-2019-1759 MEDIUM

CVE-2019-1759: Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability

Vendor: Cisco
Product: Cisco IOS XE Software
Weakness: CWE-284
Published: March 28, 2019
Last update: November 19, 2024

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

A vulnerability in access control list (ACL) functionality of the Gigabit Ethernet Management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XE Software 16.1.1 Release, which prevents the ACL from working when applied against the management interface. An attacker could exploit this issue by attempting to access the device via the management interface.

Key dates

02 Disclosure timeline

March 28, 2019: CVE published
November 19, 2024: Record updated