Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2019-1589
HistoryMay 03, 2019 - 3:29 p.m.

CVE-2019-1589

2019-05-0315:29:00
CWE-200
CWE-311
cisco
web.nvd.nist.gov
32
cisco nexus 9000
tpm
vulnerability
aci
data protection
disk encryption
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device.

Affected configurations

Nvd
Vulners
Node
cisconx-osMatch8.3\(0\)sk\(0.39\)
AND
cisconexus_9000Match-
OR
cisconexus_92160yc-xMatch-
OR
cisconexus_92300ycMatch-
OR
cisconexus_92304qcMatch-
OR
cisconexus_9236cMatch-
OR
cisconexus_9272qMatch-
OR
cisconexus_93108tc-exMatch-
OR
cisconexus_93108tc-fxMatch-
OR
cisconexus_93120txMatch-
OR
cisconexus_93128txMatch-
OR
cisconexus_93180lc-exMatch-
OR
cisconexus_93180yc-exMatch-
OR
cisconexus_93180yc-fxMatch-
OR
cisconexus_93240yc-fx2Match-
OR
cisconexus_9332cMatch-
OR
cisconexus_9332pqMatch-
OR
cisconexus_9336c-fx2Match-
OR
cisconexus_9336pqMatch-
OR
cisconexus_9348gc-fxpMatch-
OR
cisconexus_9364cMatch-
OR
cisconexus_9372pxMatch-
OR
cisconexus_9372px-eMatch-
OR
cisconexus_9372txMatch-
OR
cisconexus_9372tx-eMatch-
OR
cisconexus_9396pxMatch-
OR
cisconexus_9396txMatch-
OR
cisconexus_9508Match-
VendorProductVersionCPE
cisconx-os8.3(0)sk(0.39)cpe:2.3:o:cisco:nx-os:8.3\(0\)sk\(0.39\):*:*:*:*:*:*:*
cisconexus_9000-cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*
cisconexus_92160yc-x-cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
cisconexus_92300yc-cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*
cisconexus_92304qc-cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
cisconexus_9236c-cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
cisconexus_9272q-cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
cisconexus_93108tc-ex-cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
cisconexus_93108tc-fx-cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*
cisconexus_93120tx-cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 281

CNA Affected

[
  {
    "product": "Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "8.3(0)SK(0.39)"
      }
    ]
  }
]

Related

prion 1
cisco 1
cvelist 1
nvd 1
nessus 1
prion
prion
Hardcoded credentials
2019-05-03 15:29:00
cisco
cisco
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability
2019-05-01 16:00:00
cvelist
cvelist
CVE-2019-1589 Cisco Nexus 9000 Series FabricΒ Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability
2019-05-03 14:50:32
nvd
nvd
CVE-2019-1589
2019-05-03 15:29:00
nessus
nessus
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot (CVE-2019-1589)
2023-07-25 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON
Related for CVE-2019-1589
prion1cisco1cvelist1nvd1nessus1