Vulnerability Description
A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xr Firmware | 6.1.2.tools |
| Cisco | Asr 9001 | - |
| Cisco | Asr 9006 | - |
| Cisco | Asr 9010 | - |
| Cisco | Asr 9901 | - |
| Cisco | Asr 9904 | - |
| Cisco | Asr 9906 | - |
| Cisco | Asr 9910 | - |
| Cisco | Asr 9912 | - |
| Cisco | Asr 9922 | - |
| Cisco | Crs-1 16-Slot Line Card Chassis | - |
| Cisco | Crs-1 16-Slot Single-Shelf System | - |
| Cisco | Crs-1 4-Slot Single-Shelf System | - |
| Cisco | Crs-1 8-Slot Line Card Chassis | - |
| Cisco | Crs-1 8-Slot Single-Shelf System | - |
| Cisco | Crs-1 Fabric Card Chassis | - |
| Cisco | Crs-1 Line Card Chassis \(Dual\) | - |
| Cisco | Crs-1 Line Card Chassis \(Multi\) | - |
| Cisco | Crs-1 Multishelf System | - |
| Cisco | Crs-3 16-Slot Single-Shelf System | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108687Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/108687Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1842?
CVE-2019-1842 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct...
How severe is CVE-2019-1842?
CVE-2019-1842 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1842?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr Firmware, Cisco Asr 9001, Cisco Asr 9006, Cisco Asr 9010, Cisco Asr 9901.