How severe is CVE-2019-1842?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2019-1842?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2019-1842 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.

Related Vulnerabilities

CVE-2018-16086

MEDIUM

CVSS:5.4(Medium)

Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via...

CWE-2852018

CVE-2019-14870

MEDIUM

CVSS:5.4(Medium)

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clien...

CWE-2852019

CVE-2020-3267

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerabilit...

CWE-2852020

CVE-2021-42331

MEDIUM

CVSS:5.4(Medium)

The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule...

CWE-2852021

CVE-2022-0829

MEDIUM

CVSS:5.4(Medium)

Improper Authorization in GitHub repository webmin/webmin prior to 1.990.

CWE-2852022

CVE-2022-31666

MEDIUM

CVSS:5.4(Medium)

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook polici...

CWE-2852022