Vulnerability Description
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.2\(6\)i1 |
| Cisco | Ios Xe | 16.6.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107594Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2PatchVendor Advisory
- http://www.securityfocus.com/bid/107594Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2PatchVendor Advisory
FAQ
What is CVE-2019-1762?
CVE-2019-1762 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerabil...
How severe is CVE-2019-1762?
CVE-2019-1762 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1762?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe.