CVE-2019-1757

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
ciscoios
2.3
ciscoios
12.2\(6\)i1
ciscoios
12.4\(25e\)jap1m
ciscoios
12.4\(25e\)jap2
ciscoios
12.4\(25e\)jap26
ciscoios
12.4\(25e\)jaz1
ciscoios
15.1\(2\)sg8a
ciscoios
15.1\(3\)svg3d
ciscoios
15.1\(3\)svi1b
ciscoios
15.1\(3\)svm3
ciscoios
15.1\(3\)svn2
ciscoios
15.1\(3\)svo1
ciscoios
15.1\(3\)svo2
ciscoios
15.1\(3\)svp1
ciscoios
15.1\(4\)m12c
ciscoios
15.2\(2\)e4
ciscoios
15.2\(2\)e5
ciscoios
15.2\(2\)e5a
ciscoios
15.2\(2\)e5b
ciscoios
15.2\(2\)e6
ciscoios
15.2\(2\)e7
ciscoios
15.2\(2\)e7b
ciscoios
15.2\(2\)e8
ciscoios
15.2\(3\)e4
ciscoios
15.2\(3\)e5
ciscoios
15.2\(3\)ea1
ciscoios
15.2\(4\)e2
ciscoios
15.2\(4\)e3
ciscoios
15.2\(4\)e4
ciscoios
15.2\(4\)e5
ciscoios
15.2\(4\)e5a
ciscoios
15.2\(4\)e6
ciscoios
15.2\(4\)ea8
ciscoios
15.2\(4\)ea9
ciscoios
15.2\(4\)jaz1
ciscoios
15.2\(4\)jn1
ciscoios
15.2\(4a\)ea5
ciscoios
15.2\(4m\)e2
ciscoios
15.2\(4m\)e3
ciscoios
15.2\(4n\)e2
ciscoios
15.2\(4o\)e2
ciscoios
15.2\(4o\)e3
ciscoios
15.2\(4p\)e1
ciscoios
15.2\(4q\)e1
ciscoios
15.2\(4s\)e1
ciscoios
15.2\(4s\)e2
ciscoios
15.2\(5\)e
ciscoios
15.2\(5\)e1
ciscoios
15.2\(5\)e2
ciscoios
15.2\(5\)e2b
ciscoios
15.2\(5\)e2c
ciscoios
15.2\(5\)ea
ciscoios
15.2\(5\)ex
ciscoios
15.2\(5a\)e
ciscoios
15.2\(5a\)e1
ciscoios
15.2\(5b\)e
ciscoios
15.2\(5c\)e
ciscoios
15.2\(6\)e
ciscoios
15.2\(6\)e0a
ciscoios
15.2\(6\)e0c
ciscoios
15.2\(6\)e1
ciscoios
15.2\(6\)e1a
ciscoios
15.2\(6\)e1s
ciscoios
15.3\(3\)ja1n
ciscoios
15.3\(3\)jd15
ciscoios
15.3\(3\)jda15
ciscoios
15.3\(3\)jf35
ciscoios
15.3\(3\)ji
ciscoios
15.3\(3\)ji2
ciscoios
15.3\(3\)jn1
ciscoios
15.3\(3\)jn2
ciscoios
15.5\(3\)s1
ciscoios
15.5\(3\)s1a
ciscoios
15.5\(3\)s2
ciscoios
15.5\(3\)s3
ciscoios
15.5\(3\)s4
ciscoios
15.5\(3\)s5
ciscoios
15.5\(3\)s6
ciscoios
15.5\(3\)s6a
ciscoios
15.5\(3\)s6b
ciscoios
15.5\(3\)s7
ciscoios
15.6\(1\)s
ciscoios
15.6\(1\)s1
ciscoios
15.6\(1\)s2
ciscoios
15.6\(1\)s3
ciscoios
15.6\(1\)s4
ciscoios
15.6\(1\)sn
ciscoios
15.6\(1\)sn1
ciscoios
15.6\(1\)sn2
ciscoios
15.6\(1\)sn3
ciscoios
15.6\(1\)t
ciscoios
15.6\(1\)t0a
ciscoios
15.6\(1\)t1
ciscoios
15.6\(1\)t2
ciscoios
15.6\(1\)t3
ciscoios
15.6\(2\)s
ciscoios
15.6\(2\)s1
ciscoios
15.6\(2\)s2
ciscoios
15.6\(2\)s3
ciscoios
15.6\(2\)s4
ciscoios
15.6\(2\)sn
ciscoios
15.6\(2\)sp
ciscoios
15.6\(2\)sp1
ciscoios
15.6\(2\)sp2
ciscoios
15.6\(2\)sp3
ciscoios
15.6\(2\)sp3b
ciscoios
15.6\(2\)sp4
ciscoios
15.6\(2\)t
ciscoios
15.6\(2\)t0a
ciscoios
15.6\(2\)t1
ciscoios
15.6\(2\)t2
ciscoios
15.6\(2\)t3
ciscoios
15.6\(3\)m
ciscoios
15.6\(3\)m0a
ciscoios
15.6\(3\)m1
ciscoios
15.6\(3\)m1a
ciscoios
15.6\(3\)m1b
ciscoios
15.6\(3\)m2
ciscoios
15.6\(3\)m2a
ciscoios
15.6\(3\)m3
ciscoios
15.6\(3\)m3a
ciscoios
15.6\(3\)m4
ciscoios
15.6\(3\)sn
ciscoios
15.6\(4\)sn
ciscoios
15.6\(5\)sn
ciscoios
15.6\(6\)sn
ciscoios
15.6\(7\)sn
ciscoios
15.7\(3\)m
ciscoios
15.7\(3\)m0a
ciscoios
15.7\(3\)m1
ciscoios
15.7\(3\)m2
ciscoios_xe
3.6.4e:e
ciscoios_xe
3.6.5ae:ae
ciscoios_xe
3.6.5be:be
ciscoios_xe
3.6.5e:e
ciscoios_xe
3.6.6e:e
ciscoios_xe
3.6.7ae:ae
ciscoios_xe
3.6.7be:be
ciscoios_xe
3.6.7e:e
ciscoios_xe
3.6.8e:e
ciscoios_xe
3.7.4e:e
ciscoios_xe
3.7.5e:e
ciscoios_xe
3.8.2e:e
ciscoios_xe
3.8.3e:e
ciscoios_xe
3.8.4e:e
ciscoios_xe
3.8.5ae:ae
ciscoios_xe
3.8.5e:e
ciscoios_xe
3.8.6e:e
ciscoios_xe
3.9.0e:e
ciscoios_xe
3.9.1e:e
ciscoios_xe
3.9.2be:be
ciscoios_xe
3.9.2e:e
ciscoios_xe
3.10.0ce:ce
ciscoios_xe
3.10.0e:e
ciscoios_xe
3.10.1ae:ae
ciscoios_xe
3.10.1e:e
ciscoios_xe
3.10.1se:se
ciscoios_xe
3.16.1as:as
ciscoios_xe
3.16.1s:s
ciscoios_xe
3.16.2as:as
ciscoios_xe
3.16.2bs:bs
ciscoios_xe
3.16.2s:s
ciscoios_xe
3.16.3as:as
ciscoios_xe
3.16.3s:s
ciscoios_xe
3.16.4as:as
ciscoios_xe
3.16.4bs:bs
ciscoios_xe
3.16.4cs:cs
ciscoios_xe
3.16.4ds:ds
ciscoios_xe
3.16.4es:es
ciscoios_xe
3.16.4gs:gs
ciscoios_xe
3.16.4s:s
ciscoios_xe
3.16.5as:as
ciscoios_xe
3.16.5bs:bs
ciscoios_xe
3.16.5s:s
ciscoios_xe
3.16.6bs:bs
ciscoios_xe
3.16.6s:s
ciscoios_xe
3.16.7as:as
ciscoios_xe
3.16.7bs:bs
ciscoios_xe
3.16.7s:s
ciscoios_xe
3.17.0s:s
ciscoios_xe
3.17.1as:as
ciscoios_xe
3.17.1s:s
ciscoios_xe
3.17.3s:s
ciscoios_xe
3.17.4s:s
ciscoios_xe
3.18.0as:as
ciscoios_xe
3.18.0s:s
ciscoios_xe
3.18.0sp:sp
ciscoios_xe
3.18.1asp:asp
ciscoios_xe
3.18.1bsp:bsp
ciscoios_xe
3.18.1csp:csp
ciscoios_xe
3.18.1gsp:gsp
ciscoios_xe
3.18.1hsp:hsp
ciscoios_xe
3.18.1isp:isp
ciscoios_xe
3.18.1s:s
ciscoios_xe
3.18.1sp:sp
ciscoios_xe
3.18.2asp:asp
ciscoios_xe
3.18.2s:s
ciscoios_xe
3.18.2sp:sp
ciscoios_xe
3.18.3asp:asp
ciscoios_xe
3.18.3bsp:bsp
ciscoios_xe
3.18.3s:s
ciscoios_xe
3.18.3sp:sp
ciscoios_xe
3.18.4s:s
ciscoios_xe
3.18.4sp:sp
ciscoios_xe
16.2.1
ciscoios_xe
16.2.2
ciscoios_xe
16.3.1
ciscoios_xe
16.3.1a:a
ciscoios_xe
16.3.2
ciscoios_xe
16.3.3
ciscoios_xe
16.3.4
ciscoios_xe
16.3.5
ciscoios_xe
16.3.5b:b
ciscoios_xe
16.3.6
ciscoios_xe
16.4.1
ciscoios_xe
16.4.2
ciscoios_xe
16.4.3
ciscoios_xe
16.5.1
ciscoios_xe
16.5.1a:a
ciscoios_xe
16.5.1b:b
ciscoios_xe
16.5.2
ciscoios_xe
16.5.3
ciscoios_xe
16.6.1
ciscoios_xe
16.6.2
ciscoios_xe
16.6.3
ciscoios_xe
16.7.1
ciscoios_xe
16.7.1a:a
ciscoios_xe
16.7.1b:b
ciscoios_xe
16.7.2
ciscoios_xe
16.8.1
ciscoios_xe
16.8.1a:a
ciscoios_xe
16.8.1b:b
ciscoios_xe
16.8.1c:c
ciscoios_xe
16.8.1d:d
ciscoios_xe
16.8.1s:s
ciscoios_xe
16.8.2
ciscoios_xe
16.9.1b:b
ciscoios_xe
16.9.1c:c
ciscoios_xe
16.9.1s:s
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107617
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert
http://www.securityfocus.com/bid/107617
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert