CVE-2019-1748
HIGHCisco IOS - Unauthenticated Improper Certificate Validation
Title source: llmDescription
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107619
Scores
CVSS v3
7.4
EPSS
0.0118
EPSS Percentile
63.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (50)
cisco/ios
12.0\(1\)
cisco/ios
12.0\(1\)t
cisco/ios
12.0\(1\)t1
cisco/ios
12.0\(1\)xe
cisco/ios
12.0\(1a\)
cisco/ios
12.0\(2\)
cisco/ios
12.0\(2\)s
cisco/ios
12.0\(2\)t
cisco/ios
12.0\(2\)t1
cisco/ios
12.0\(2\)xe
... and 40 more
Published
Mar 28, 2019
Tracked Since
Feb 18, 2026