CVE-2019-12660

MEDIUM

Cisco Ios XE - Exposure to Wrong Actor

Title source: rule

Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-awr

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 20.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-668

Status published

Affected Products (1)

cisco/ios_xe

Timeline

Published Sep 25, 2019

Tracked Since Feb 18, 2026