Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15998

A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connecting to an affected device using NETCONF over SSH. A successful exploit could allow the attacker to connect to the device on the NETCONF port. Valid credentials are required to access the device. This vulnerability does not affect connections to the default SSH process on the device.

Published

2019-11-26T04:15:12.547

Last Modified

2024-11-21T04:29:54.100

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xr	6.5.1	Yes
Operating System	cisco	ios_xr	6.5.2	Yes
Operating System	cisco	ios_xr	6.5.3	Yes
Hardware	cisco	asr_9001	-	No
Hardware	cisco	asr_9006	-	No
Hardware	cisco	asr_9010	-	No
Hardware	cisco	asr_9901	-	No
Hardware	cisco	asr_9904	-	No
Hardware	cisco	asr_9912	-	No
Hardware	cisco	asr_9922	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-iosxr-ssh-bypass Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-iosxr-ssh-bypass Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)