mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-21 05:40:25 +00:00
Auto-merge PR#1782
Auto-merge PR#1782
This commit is contained in:
CVE Team
GitHub
commit
c1b93122de
@ -1,8 +1,154 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"DATE_PUBLIC": "2019-03-27T16:00:00-0700",
|
||||
"ID": "CVE-2019-1743",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Cisco IOS XE Software Arbitrary File Upload Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco IOS XE Software",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.2.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.2.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.1a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.4"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.5"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.5b"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.3.6"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.4.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.4.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.4.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.5.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.5.1a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.5.1b"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.5.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.5.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.6.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.6.2"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.6.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.7.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.7.1a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.7.1b"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.8.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.8.1a"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.8.1b"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.8.1s"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.8.1c"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.8.1d"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "16.8.1e"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Cisco"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
@ -11,8 +157,51 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. "
|
||||
}
|
||||
]
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"baseScore": "8.8",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20190327 Cisco IOS XE Software Arbitrary File Upload Vulnerability",
|
||||
"refsource": "CISCO",
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-afu"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "cisco-sa-20190327-afu",
|
||||
"defect": [
|
||||
[
|
||||
"CSCvi48984"
|
||||
]
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user