CVE-2019-12648
Summary
| CVE | CVE-2019-12648 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-09-25 20:15:00 UTC |
| Updated | 2019-10-09 23:45:00 UTC |
| Description | A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user. |
Risk And Classification
Problem Types: CWE-863
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | 807 Industrial Integrated Services Routers | - | All | All | All |
| Hardware | Cisco | 809 Industrial Integrated Services Routers | - | All | All | All |
| Hardware | Cisco | 829 Industrial Integrated Services Routers | - | All | All | All |
| Hardware | Cisco | CGR1240 | - | All | All | All |
| Hardware | Cisco | CGR 1120 | - | All | All | All |
| Operating System | Cisco | IOS | 15.7(3)m3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.