How severe is CVE-2019-12671?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2019-12671?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2019-12671 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS.

Related Vulnerabilities

CVE-2022-34434

MEDIUM

CVSS:6.7(Medium)

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or c...

CWE-2852022

CVE-2023-28385

MEDIUM

CVSS:6.7(Medium)

Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.

CWE-2852023

CVE-2023-32662

MEDIUM

CVSS:6.7(Medium)

Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access.

CWE-2852023

CVE-2023-38135

MEDIUM

CVSS:6.7(Medium)

Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-2852023

CVE-2019-1851

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the In...

CWE-2852019

CVE-2020-9081

MEDIUM

CVSS:6.8(Medium)

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could al...

CWE-2852020