CVE-2019-1842 MEDIUM

CVE-2019-1842: Cisco IOS XR Software Secure Shell Authentication Vulnerability

Vendor Cisco

Product Cisco IOS XR Software

Weakness CWE-285

Published June 5, 2019

Last update November 21, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.

Key dates

02Disclosure timeline

June 5, 2019 CVE published

November 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-1842

Related vulnerabilities

Identifiers

CVE CVE-2019-1842

CWE CWE-285

CVSS 5.4 / MEDIUM

Affected versions