CVE-2019-1757

Name of the Vulnerable Software and Affected Versions Cisco IOS and IOS XE Software (affected versions not specified)

Description A vulnerability in the Cisco Smart Call Home feature could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The issue is due to insufficient certificate validation by the affected software. An attacker could exploit this by supplying a crafted certificate to an affected device, potentially allowing man-in-the-middle attacks to decrypt confidential information on user connections.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.