How severe is CVE-2019-1756?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2019-1756?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2019-1756 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a username with a malicious payload in the web UI and subsequently making a request to a specific endpoint in the web UI. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.

Related Vulnerabilities

CVE-2011-3611

HIGH

CVSS:7.2(High)

A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.

CWE-202011

CVE-2014-5362

HIGH

CVSS:7.2(High)

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ...

CWE-202014

CVE-2015-2202

HIGH

CVSS:7.2(High)

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.

CWE-202015

CVE-2016-3654

HIGH

CVSS:7.2(High)

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote aut...

CWE-202016

CVE-2016-5840

HIGH

CVSS:7.2(High)

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename ...

CWE-202016

CVE-2017-12148

HIGH

CVSS:7.2(High)

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacke...

CWE-202017