CVE-2019-1862 (CNNVD-201905-342)
中文标题:
Cisco IOS XE Software 输入验证错误漏洞
英文标题:
Cisco IOS XE Software Web UI Command Injection Vulnerability
漏洞描述
中文描述:
Cisco IOS XE是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XE Software中的Web UI存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
英文描述:
A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco IOS XE Software | 3.2.0JA | - | - |
cpe:2.3:a:cisco:cisco_ios_xe_software:3.2.0ja:*:*:*:*:*:*:*
|
| cisco | ios_xe | 16.3.7 | - | - |
cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.0 (cna)
HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-1862 |
2025-11-11 15:20:08 | 2025-11-11 07:35:40 |
| NVD | nvd_CVE-2019-1862 |
2025-11-11 14:56:22 | 2025-11-11 07:44:10 |
| CNNVD | cnnvd_CNNVD-201905-342 |
2025-11-11 15:10:12 | 2025-11-11 07:54:33 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 输入验证错误
- cnnvd_id: 未提取 -> CNNVD-201905-342
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']