CVE-2019-1743

HIGH

Cisco IOS XE - Authenticated Arbitrary File Write via Malicious File Upload

Title source: llm
STIX 2.1

Description

A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107591

Scores

CVSS v3 8.8
EPSS 0.0221
EPSS Percentile 80.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (31)
cisco/ios_xe 16.2.1
cisco/ios_xe 16.2.2
cisco/ios_xe 16.3.1
cisco/ios_xe 16.3.1a
cisco/ios_xe 16.3.2
cisco/ios_xe 16.3.3
cisco/ios_xe 16.3.4
cisco/ios_xe 16.3.5
cisco/ios_xe 16.3.5b
cisco/ios_xe 16.3.6
... and 21 more
Published Mar 28, 2019
Tracked Since Feb 18, 2026