CVE-2019-12651

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:ios:16.11.1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:cloud_services_router_1000v_firmware:17.1.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:integrated_services_virtual_router_firmware:16.6.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:integrated_services_virtual_router:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-25 20:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-12651

Mitre link : CVE-2019-12651

CVE.ORG link : CVE-2019-12651


JSON object : View

Products Affected

cisco

  • cloud_services_router_1000v
  • ios
  • integrated_services_virtual_router_firmware
  • cloud_services_router_1000v_firmware
  • integrated_services_virtual_router
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')