Vulnerability Description
A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 15.7\(3\)m3 |
| Cisco | 807 Industrial Integrated Services Routers | - |
| Cisco | 809 Industrial Integrated Services Routers | - |
| Cisco | 829 Industrial Integrated Services Routers | - |
| Cisco | Cgr 1120 | - |
| Cisco | Cgr1240 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-12648?
CVE-2019-12648 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on ...
How severe is CVE-2019-12648?
CVE-2019-12648 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12648?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco 807 Industrial Integrated Services Routers, Cisco 809 Industrial Integrated Services Routers, Cisco 829 Industrial Integrated Services Routers, Cisco Cgr 1120.