How severe is CVE-2019-1809?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2019-1809?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2019-1809

MEDIUM Year: 2019

CVSS v3 Score

6.4

Medium

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-347

View all →

Vulnerability Description

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

CVE-2018-18203

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firm...

CWE-3472018

CVE-2020-15705

MEDIUM

CVSS:6.4(Medium)

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported direct...

CWE-3472020

CVE-2021-34709

MEDIUM

CVSS:6.4(Medium)

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software fo...

CWE-3472021

CVE-2022-47549

MEDIUM

CVSS:6.4(Medium)

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verif...

CWE-3472022

CVE-2024-2451

MEDIUM

CVSS:6.4(Medium)

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via ex...

CWE-3472024

CVE-2017-10669

MEDIUM

CVSS:6.5(Medium)

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must...

CWE-3472017

CVE-2019-1809

Vulnerability Description

Related Vulnerabilities

CVE-2018-18203

CVE-2020-15705

CVE-2021-34709

CVE-2022-47549

CVE-2024-2451

CVE-2017-10669