CVE-2019-1842
Description
A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco ASR 9000 Series Aggregation Services Routers | NCM |
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco Network Convergence System 6000 Series Routers | NCM |
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco IOS XRv 9000 Router | NCM |
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco Network Convergence System 5000 Series | NCM |
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco Network Convergence System 5500 Series | NCM |
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco Network Convergence System 1000 Series | NCM |
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco Network Convergence System 500 Series Routers | NCM |
| Cisco IOS XR Software Secure Shell Authentication Vulnerability For Cisco 8000 Series Routers | NCM |
| Improper Authentication Vulnerability (CVE-2019-1842) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705564 | Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE |
| PATCH-1705630 | Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4 |
| PATCH-1705219 | Security Update for Cisco IOS XRv 9000 Router 7.1.2.1i.BASE |
| PATCH-1706021 | Security Update for Cisco Network Convergence System 5000 Series 6.2.1.21i.BASE |
| PATCH-1705220 | Security Update for Cisco Network Convergence System 5500 Series 7.1.2.1i.BASE |
| PATCH-1705124 | Security Update for Cisco Network Convergence System 1000 Series 7.2.1.9i.ROUT |
| PATCH-1705229 | Security Update for Cisco Network Convergence System 500 Series Routers 7.2.1.21i.BASE |
| PATCH-1705230 | Security Update for Cisco 8000 Series Routers 7.2.1.21i.BASE |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234