Rewterz Threat Alert – Elaborate Crypto Trading Scheme to Install Malware
October 15, 2019Rewterz Threat Alert – Fallout Exploit Kit and Raccoon Stealer – IoCs
October 15, 2019Rewterz Threat Alert – Elaborate Crypto Trading Scheme to Install Malware
October 15, 2019Rewterz Threat Alert – Fallout Exploit Kit and Raccoon Stealer – IoCs
October 15, 2019Severity
High
Analysis Summary
CVE-2019-12650
The vulnerability exists because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator-level access (level 15) to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise.
CVE-2019-12651
The vulnerability exists because the affected software improperly sanitizes user-supplied input. An attacker could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user.
Impact
Execution of arbitrary code
Affected Vendors
Cisco
Affected Products
Cisco IOS XE with the HTTP Server feature enabled
Remediation
Please see vendor’s advisory for more details