Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-12662
HistorySep 25, 2019 - 9:15 p.m.

CVE-2019-12662

2019-09-2521:15:11
CWE-347
[email protected]
web.nvd.nist.gov
50
cve-2019-12662
cisco
nx-os
ios xe
vulnerability
local attacker
signature verification
ova
nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Affected configurations

NVD
Node
ciscoios_xeMatch16.8.1
Node
cisconx-osMatch8.1\(0.2\)s0
OR
cisconx-osMatch8.1\(1\)
OR
cisconx-osMatch8.1\(1\)s5
AND
ciscomds_9000Match-
Node
cisconx-osMatch8.1\(0\)bd\(0.20\)
AND
cisconexus_9000vMatch-
OR
cisconexus_92160yc-xMatch-
OR
cisconexus_92300ycMatch-
OR
cisconexus_92304qcMatch-
OR
cisconexus_92348gc-xMatch-
OR
cisconexus_9236cMatch-
OR
cisconexus_9272qMatch-
OR
cisconexus_93108tc-exMatch-
OR
cisconexus_93108tc-fxMatch-
OR
cisconexus_93120txMatch-
OR
cisconexus_93128txMatch-
OR
cisconexus_93180lc-exMatch-
OR
cisconexus_93180yc-exMatch-
OR
cisconexus_93180yc-fxMatch-
OR
cisconexus_93216tc-fx2Match-
OR
cisconexus_93240yc-fx2Match-
OR
cisconexus_9332cMatch-
OR
cisconexus_9332pqMatch-
OR
cisconexus_93360yc-fx2Match-
OR
cisconexus_9336c-fx2Match-
OR
cisconexus_9336pq_aci_spineMatch-
OR
cisconexus_9348gc-fxpMatch-
OR
cisconexus_9364cMatch-
OR
cisconexus_9372pxMatch-
OR
cisconexus_9372px-eMatch-
OR
cisconexus_9372txMatch-
OR
cisconexus_9372tx-eMatch-
OR
cisconexus_9396pxMatch-
OR
cisconexus_9396txMatch-
OR
cisconexus_9504Match-
OR
cisconexus_9508Match-
OR
cisconexus_9516Match-
Node
cisconexus_3016_firmwareMatch-
AND
cisconexus_3016Match-
Node
cisconexus_3048_firmwareMatch-
AND
cisconexus_3048Match-
Node
cisconexus_3064_firmwareMatch-
AND
cisconexus_3064Match-
Node
cisconexus_3064-t_firmwareMatch-
AND
cisconexus_3064-tMatch-
Node
cisconexus_31108pc-v_firmwareMatch-
AND
cisconexus_31108pc-vMatch-
Node
cisconexus_31108tc-v_firmwareMatch-
AND
cisconexus_31108tc-vMatch-
Node
cisconexus_31128pq_firmwareMatch-
AND
cisconexus_31128pqMatch-
Node
cisconexus_3132c-z_firmwareMatch-
AND
cisconexus_3132c-zMatch-
Node
cisconexus_3132q_firmwareMatch-
AND
cisconexus_3132qMatch-
Node
cisconexus_3132q-v_firmwareMatch-
AND
cisconexus_3132q-vMatch-
Node
cisconexus_3132q-xl_firmwareMatch-
AND
cisconexus_3132q-xlMatch-
Node
cisconexus_3164q_firmwareMatch-
AND
cisconexus_3164qMatch-
Node
cisconexus_3172_firmwareMatch-
AND
cisconexus_3172Match-
Node
cisconexus_3172pq-xl_firmwareMatch-
AND
cisconexus_3172pq-xlMatch-
Node
cisconexus_3172tq_firmwareMatch-
AND
cisconexus_3172tqMatch-
Node
cisconexus_3172tq-32t_firmwareMatch-
AND
cisconexus_3172tq-32tMatch-
Node
cisconexus_3172tq-xl_firmwareMatch-
AND
cisconexus_3172tq-xlMatch-
Node
cisconexus_3232c_firmwareMatch-
AND
cisconexus_3232cMatch-
Node
cisconexus_3264c-e_firmwareMatch-
AND
cisconexus_3264c-eMatch-
Node
cisconexus_3264q_firmwareMatch-
AND
cisconexus_3264qMatch-
Node
cisconexus_3408-s_firmwareMatch-
AND
cisconexus_3408-sMatch-
Node
cisconexus_34180yc_firmwareMatch-
AND
cisconexus_34180ycMatch-
Node
cisconexus_34200yc-sm_firmwareMatch-
AND
cisconexus_34200yc-smMatch-
Node
cisconexus_3432d-s_firmwareMatch-
AND
cisconexus_3432d-sMatch-
Node
cisconexus_3464c_firmwareMatch-
AND
cisconexus_3464cMatch-
Node
cisconexus_3524_firmwareMatch-
AND
cisconexus_3524Match-
Node
cisconexus_3524-x_firmwareMatch-
AND
cisconexus_3524-xMatch-
Node
cisconexus_3524-xl_firmwareMatch-
AND
cisconexus_3524-xlMatch-
Node
cisconexus_3548_firmwareMatch-
AND
cisconexus_3548Match-
Node
cisconexus_3548-x_firmwareMatch-
AND
cisconexus_3548-xMatch-
Node
cisconexus_3548-xl_firmwareMatch-
AND
cisconexus_3548-xlMatch-
Node
cisconexus_5548p_firmwareMatch-
AND
cisconexus_5548pMatch-
Node
cisconexus_5548up_firmwareMatch-
AND
cisconexus_5548upMatch-
Node
cisconexus_5596t_firmwareMatch-
AND
cisconexus_5596tMatch-
Node
cisconexus_5596up_firmwareMatch-
AND
cisconexus_5596upMatch-
Node
cisconexus_56128p_firmwareMatch-
AND
cisconexus_56128pMatch-
Node
cisconexus_5624q_firmwareMatch-
AND
cisconexus_5624qMatch-
Node
cisconexus_5648q_firmwareMatch-
AND
cisconexus_5648qMatch-
Node
cisconexus_5672up_firmwareMatch-
AND
cisconexus_5672upMatch-
Node
cisconexus_5696q_firmwareMatch-
AND
cisconexus_5696qMatch-
Node
cisconexus_6001_firmwareMatch-
AND
cisconexus_6001Match-
Node
cisconexus_6004_firmwareMatch-
AND
cisconexus_6004Match-
Node
cisconexus_7000_10-slot_firmwareMatch-
AND
cisconexus_7000_10-slotMatch-
Node
cisconexus_7000_18-slot_firmwareMatch-
AND
cisconexus_7000_18-slotMatch-
Node
cisconexus_7000_4-slot_firmwareMatch-
AND
cisconexus_7000_4-slotMatch-
Node
cisconexus_7000_9-slot_firmwareMatch-
AND
cisconexus_7000_9-slotMatch-
Node
cisconexus_7700_10-slot_firmwareMatch-
AND
cisconexus_7700_10-slotMatch-
Node
cisconexus_7700_18-slot_firmwareMatch-
AND
cisconexus_7700_18-slotMatch-
Node
cisconexus_7700_2-slot_firmwareMatch-
AND
cisconexus_7700_2-slotMatch-
Node
cisconexus_7700_6-slot_firmwareMatch-
AND
cisconexus_7700_6-slotMatch-
CPENameOperatorVersion
cisco:ios_xecisco ios xeeq16.8.1

CNA Affected

[
  {
    "product": "Cisco NX-OS Software 6.0(2)A1(1)",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 2
cisco 1
prion 1
nvd 1
cvelist 1
nessus
nessus
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass (CVE-2019-12662)
2023-07-25 00:00:00
Cisco NX-OS Software Virtual Service Image Signature Bypass Vulnerability
2019-10-04 00:00:00
cisco
cisco
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
2019-09-25 16:00:00
prion
prion
Design/Logic Flaw
2019-09-25 21:15:00
nvd
nvd
CVE-2019-12662
2019-09-25 21:15:11
cvelist
cvelist
CVE-2019-12662 Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
2019-09-25 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVE-2019-12662
nessus2cisco1prion1nvd1cvelist1