CVE-2019-1842

Name: CVE-2019-1842
Creator: NVD / NIST
Published: 2019-06-05T17:29:00.43+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.4/10EPSS 1.21%

Last modified Jun 17, 2026

CVE-2019-1842 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. EPSS estimates a 1.21% chance of exploitation in the next 30 days.

Description

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of actions are processed during an SSH login event on the affected device. An attacker could exploit this vulnerability by initiating an SSH session to the device with a specific sequence that presents the two usernames. A successful exploit could result in logging data misrepresentation, user enumeration, or, in certain circumstances, a command authorization bypass. See the Details section for more information.

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Probability

1.21%

64.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Ios Xr Firmware	6.1.2.tools
Cisco	Ios Xr Firmware	6.1.3.tools
Cisco	Ios Xr Firmware	6.2.3.tools
Cisco	Ios Xr Firmware	6.4.2.tools

References

http://www.securityfocus.com/bid/108687Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-iosxr-sshVendor Advisory
http://www.securityfocus.com/bid/108687Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-iosxr-sshVendor Advisory

Timeline

Published: Jun 5, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-1842?

How severe is CVE-2019-1842?

CVE-2019-1842 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 1.21% probability of exploitation in the next 30 days.

How do I fix CVE-2019-1842?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1842?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST