CVE-2019-1762
MEDIUMCisco IOS and IOS XE - Exposure of Sensitive System Information via Secure Storage Feature
Title source: llmDescription
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-info
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107594
Scores
CVSS v3
4.4
EPSS
0.0023
EPSS Percentile
14.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (50)
cisco/ios
12.2\(6\)i1
cisco/ios
15.1\(2\)sg8a
cisco/ios
15.1\(3\)svg3d
cisco/ios
15.1\(3\)svi1b
cisco/ios
15.1\(3\)svm3
cisco/ios
15.1\(3\)svn2
cisco/ios
15.1\(3\)svo1
cisco/ios
15.1\(3\)svo2
cisco/ios
15.1\(3\)svp1
cisco/ios
15.1\(4\)m12c
... and 40 more
Published
Mar 28, 2019
Tracked Since
Feb 18, 2026