CVE-2019-1681

Description

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 10.523

Associated Vulnerability

Vulnerability | OS Platform
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco Network Convergence System 1000 Series | NCM
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco Carrier Routing System | NCM
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco ASR 9000 Series Aggregation Services Routers | NCM
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco Network Convergence System 6000 Series Routers | NCM
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco IOS XRv 9000 Router | NCM
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco Network Convergence System 5000 Series | NCM
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco Network Convergence System 5500 Series | NCM
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability For Cisco Network Convergence System 500 Series Routers | NCM
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2019-1681) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-1705124 | Security Update for Cisco Network Convergence System 1000 Series 7.2.1.9i.ROUT
PATCH-1705675 | Security Update for Cisco Carrier Routing System 5.3.1
PATCH-1705564 | Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE
PATCH-1705630 | Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4
PATCH-1705219 | Security Update for Cisco IOS XRv 9000 Router 7.1.2.1i.BASE
PATCH-1706021 | Security Update for Cisco Network Convergence System 5000 Series 6.2.1.21i.BASE
PATCH-1705220 | Security Update for Cisco Network Convergence System 5500 Series 7.1.2.1i.BASE
PATCH-1705229 | Security Update for Cisco Network Convergence System 500 Series Routers 7.2.1.21i.BASE

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234