CVE-2019-1743

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device.

Recommendations For Cisco IOS XE Software, update to a version that includes the software updates released by Cisco to address this vulnerability. At the moment, there is no information about specific affected versions that contains a fix for this vulnerability, however, it is recommended to follow the Cisco Security Advisory for the March 27, 2019, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication for more information on the fixed software updates.