CVE Vulnerabilities

CVE-2019-12662

Improper Verification of Cryptographic Signature

Published: Sep 25, 2019 | Modified: Oct 09, 2019
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
Ios_xe Cisco 16.8.1 (including) 16.8.1 (including)

References