PT-2019-1753 · Cisco · Cisco Ios Xe+1

Published

2019-03-27

Updated

2019-10-09

CVE-2019-1762

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco IOS and IOS XE Software (affected versions not specified)

Description The issue is related to the Secure Storage feature of Cisco IOS and IOS XE Software, where improper memory operations performed at encryption time could allow an authenticated, local attacker to access sensitive system information on an affected device. An attacker could exploit this by retrieving the contents of specific memory locations, potentially disclosing keying materials that are part of the device configuration, which can be used to recover critical system information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2019-01393

CVE-2019-1762

Affected Products

Cisco Ios

Cisco Ios Xe

PT-2019-1753 · Cisco · Cisco Ios Xe+1

CVE-2019-1762

Weakness Enumeration

Related Identifiers

Affected Products

References · 6