QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-1757

Back to search

CVE-2019-1757

Published: Mar 28, 2019

Modified: Nov 15, 2024

PUBLISHED

Description

A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

VendorProductVersions

Cisco

Cisco IOS and IOS XE Software

affected
3.6.4E
affected
3.6.5E
affected
3.6.6E
affected
3.6.5aE
affected
3.6.5bE

+104 more versions

Weaknesses (CWE)

CWE-295

References

107617
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now