What is CVE-2019-12671?

CVE-2019-12671 is a high-severity vulnerability in Cisco 4321\/k9_integrated_services_router, classified under Improper Authorization. CVSS score: 7.8/10. Published 2019-09-25.

How severe is CVE-2019-12671?

High severity. CVSS v3 base score is 7.8 out of 10.

Auth bypass in Cisco 4321\/k9_integrated_services_router

CVE-2019-12671

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insuffici…

EPSS: 0.004 (26.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco 4321\/k9_integrated_services_router
Cisco 4321\/k9-rf_integrated_services_router
Cisco 4321\/k9-ws_integrated_services_router
Cisco 4331\/k9_integrated_services_router
Cisco 4331\/k9-rf_integrated_services_router
Cisco 4331\/k9-ws_integrated_services_router
Cisco 4351\/k9_integrated_services_router
Cisco 4351\/k9-rf_integrated_services_router
Cisco 4351\/k9-ws_integrated_services_router
Cisco Asr1001-hx

Weakness classification (CWE)

CWE-285 — Improper Authorization
CWE-863 — Incorrect Authorization

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2019-12671?: CVE-2019-12671 is a high-severity vulnerability in Cisco 4321\/k9_integrated_services_router, classified under Improper Authorization. CVSS score: 7.8/10. Published 2019-09-25.
How severe is CVE-2019-12671?: High severity. CVSS v3 base score is 7.8 out of 10.