CVE-2019-1762

Published Mar 28, 2019
Last updated 5 years ago
CVSS medium 4.4
Overview

Description: A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 4.4
Impact score: 3.6
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
ykramarz@cisco.com: CWE-200
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:12.2\\(6\\)i1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEAFD220-48D7-46EE-8537-A69C5F8D0F2D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(2\\)sg8a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFFA4F2A-4BE5-4FD5-A3D4-2B28D6A25A53"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)svg3d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "379793AF-11E1-4510-B5A0-3705B324669E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)svi1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29FAF4EA-DCB7-4D81-AB2E-DCCE32EC14FB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)svm3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CCBC8E0-C6DC-4F23-A949-073E625505CE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)svn2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D400949D-766A-497B-AC76-6EE81295C0D4"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)svo1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2787A781-32EC-4A59-8472-A0A7E3086A4F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)svo2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B853917E-D8E2-4CBD-BB4F-CB447BE052F2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(3\\)svp1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82784B3A-A4EA-4BBE-9ACE-BAE4895372CA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.1\\(4\\)m12c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A47B1CBB-1604-46BA-84EA-F81197AFA03C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(3\\)ea1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94FD5120-C385-4F16-AB3F-979D851DF8D9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(4\\)jn1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B171170-4BBD-4E09-BF5A-6DA3F110C7D2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.2\\(4a\\)ea5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "734AA8D5-5BB9-4E1D-B8CB-0A14BADA9EF8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)ja1n:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49DAE7DA-E0D3-4434-AD75-C8894D939A83"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jf35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7590C6F4-D2AF-4B15-A278-8249C5EE6617"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)ji2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4041C7F-B0C7-4CF0-A77F-84A031424797"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jn1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFD112AD-9D7D-45C1-80DE-96037B425F98"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jn2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFFDA314-0FAA-4BF7-AEED-DF2509B74E09"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)sp3b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1195EA28-E1BA-4D66-BC71-977F93E9E943"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "691BA27E-77AB-4A30-916D-3BB916B05298"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A1887D9-E339-4DC6-BE24-A5FF15438B2F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3.1\\)m:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63447C8D-4197-4800-884B-4AE95AD83F10"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m0a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2A434E7-B27C-4663-BE83-39A650D22D26"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F821EBD7-91E2-4460-BFAF-18482CF6CB8C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E36D2D24-8F63-46DE-AC5F-8DE33332EBC6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9B825E6-5929-4890-BDBA-4CF4BD2314C9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65020120-491D-46CD-8C73-974B6F4C11E6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ADDCD0A-6168-45A0-A885-76CC70FE2FC7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F35C623-6043-43A6-BBAA-478E185480CF"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "623BF701-ADC9-4F24-93C5-043A6A7FEF5F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5311FBE-12BF-41AC-B8C6-D86007834863"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52FB055E-72F9-4CB7-A51D-BF096BD1A55D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FBD681F-7969-42BE-A47E-7C287755DCB5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98255E6F-3056-487D-9157-403836EFB9D3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "521ACFB0-4FB2-44DB-AD7B-C27F9059DE66"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57D4F634-03D5-4D9F-901C-7E9CE45F2F38"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4463A1D1-E169-4F0B-91B2-FA126BB444CB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDD58C58-1B0C-4A71-8C02-F555CEF9C253"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96852D16-AF50-4C70-B125-D2349E6765D7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A15B882A-BA60-4932-A55E-F4A798B30EEB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C9C585C-A6EC-4385-B915-046C110BF95F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EC2EE60-4A07-4D92-B9BC-BF07CF4F2BE9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "119A964D-ABC8-424D-8097-85B832A833BD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0375BF9E-D04B-4E5B-9051-536806ECA44E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2266E5A2-B3F6-4389-B8E2-42CB845EC7F9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "012A6CF7-9104-4882-9C95-E6D4458AB778"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AF5214D-9257-498F-A3EB-C4EC18E2FEB2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78DE7780-4E8B-4BB6-BDEB-58032EC65851"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F29CEE37-4044-4A3C-9685-C9C021FD346A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DC5BB06-100F-42C9-8CEB-CC47FD26DDF3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
