PT-2019-2354 · Cisco · Cisco Ios Xr

Published

2019-06-05

Updated

2020-10-16

CVE-2019-1842

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description A logic error in the Secure Shell (SSH) authentication function could allow an authenticated, remote attacker to log in to an affected device using two distinct usernames. This error occurs when certain sequences of actions are processed during an SSH login event. An attacker could exploit this by initiating an SSH session with a specific sequence that presents the two usernames, potentially resulting in logging data misrepresentation, user enumeration, or a command authorization bypass.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-287

Related Identifiers

BDU:2019-02129

CVE-2019-1842

Affected Products

Cisco Ios Xr

PT-2019-2354 · Cisco · Cisco Ios Xr

CVE-2019-1842

Weakness Enumeration

Related Identifiers

Affected Products

References · 5