CVE-2019-12671 : A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS.

Published 2019-09-25 21:15:12

Updated 2023-05-23 13:55:46

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2019-12671

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-12671

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.7	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-12671

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: ykramarz@cisco.com (Secondary)
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-12671

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-ctbypass

Cisco IOS XE Software Consent Token Bypass Vulnerability
Vendor Advisory

Products affected by CVE-2019-12671

Cisco » Ios Xe » Version: 16.11.1
cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 4321/k9-rf Integrated Services Router » Version: N/A
When used together with: Cisco » 4321/k9-ws Integrated Services Router » Version: N/A
When used together with: Cisco » 4321/k9 Integrated Services Router » Version: N/A
When used together with: Cisco » 4331/k9-rf Integrated Services Router » Version: N/A
When used together with: Cisco » 4331/k9-ws Integrated Services Router » Version: N/A
When used together with: Cisco » 4331/k9 Integrated Services Router » Version: N/A
When used together with: Cisco » 4351/k9-rf Integrated Services Router » Version: N/A
When used together with: Cisco » 4351/k9-ws Integrated Services Router » Version: N/A
When used together with: Cisco » 4351/k9 Integrated Services Router » Version: N/A
When used together with: Cisco » Asr1001-hx » Version: N/A
When used together with: Cisco » Asr1001-hx-rf » Version: N/A
When used together with: Cisco » Asr1001-x » Version: N/A
When used together with: Cisco » Asr1001-x-rf » Version: N/A
When used together with: Cisco » Asr1001-x-ws » Version: N/A
When used together with: Cisco » Asr1002-hx » Version: N/A
When used together with: Cisco » Asr1002-hx-rf » Version: N/A
When used together with: Cisco » Asr1002-hx-ws » Version: N/A
When used together with: Cisco » Asr1002-x » Version: N/A
When used together with: Cisco » Asr1002-x-rf » Version: N/A
When used together with: Cisco » Asr1002-x-ws » Version: N/A
When used together with: Cisco » C1117-4p » Version: N/A
When used together with: Cisco » C1117-4plteea » Version: N/A
When used together with: Cisco » C1117-4pltela » Version: N/A
When used together with: Cisco » Encs5412/k9 » Version: N/A
When used together with: Cisco » Encs5412/k9-rf » Version: N/A
When used together with: Cisco » Sasr1k1xucmk9-1610 » Version: N/A
When used together with: Cisco » Sasr1k2xucmk9-1610 » Version: N/A
When used together with: Cisco » Sasr1khxucmk9-1610 » Version: N/A
When used together with: Cisco » Sisr1100ucmk9-1610 » Version: N/A
Cisco » Ios Xe » Version: 16.11.1 Update A
cpe:2.3:o:cisco:ios_xe:16.11.1:a:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 4321/k9-rf Integrated Services Router » Version: N/A
When used together with: Cisco » 4321/k9-ws Integrated Services Router » Version: N/A
When used together with: Cisco » 4321/k9 Integrated Services Router » Version: N/A
When used together with: Cisco » 4331/k9-rf Integrated Services Router » Version: N/A
When used together with: Cisco » 4331/k9-ws Integrated Services Router » Version: N/A
When used together with: Cisco » 4331/k9 Integrated Services Router » Version: N/A
When used together with: Cisco » 4351/k9-rf Integrated Services Router » Version: N/A
When used together with: Cisco » 4351/k9-ws Integrated Services Router » Version: N/A
When used together with: Cisco » 4351/k9 Integrated Services Router » Version: N/A
When used together with: Cisco » Asr1001-hx » Version: N/A
When used together with: Cisco » Asr1001-hx-rf » Version: N/A
When used together with: Cisco » Asr1001-x » Version: N/A
When used together with: Cisco » Asr1001-x-rf » Version: N/A
When used together with: Cisco » Asr1001-x-ws » Version: N/A
When used together with: Cisco » Asr1002-hx » Version: N/A
When used together with: Cisco » Asr1002-hx-rf » Version: N/A
When used together with: Cisco » Asr1002-hx-ws » Version: N/A
When used together with: Cisco » Asr1002-x » Version: N/A
When used together with: Cisco » Asr1002-x-rf » Version: N/A
When used together with: Cisco » Asr1002-x-ws » Version: N/A
When used together with: Cisco » C1117-4p » Version: N/A
When used together with: Cisco » C1117-4plteea » Version: N/A
When used together with: Cisco » C1117-4pltela » Version: N/A
When used together with: Cisco » Encs5412/k9 » Version: N/A
When used together with: Cisco » Encs5412/k9-rf » Version: N/A
When used together with: Cisco » Sasr1k1xucmk9-1610 » Version: N/A
When used together with: Cisco » Sasr1k2xucmk9-1610 » Version: N/A
When used together with: Cisco » Sasr1khxucmk9-1610 » Version: N/A
When used together with: Cisco » Sisr1100ucmk9-1610 » Version: N/A

Vulnerability Details : CVE-2019-12671

Exploit prediction scoring system (EPSS) score for CVE-2019-12671

CVSS scores for CVE-2019-12671

CWE ids for CVE-2019-12671

References for CVE-2019-12671

Products affected by CVE-2019-12671