Lucene search

[email protected]CVE-2019-1728

HistoryMay 15, 2019 - 5:29 p.m.

CVE-2019-1728

2019-05-1517:29:01

CWE-347

[email protected]

web.nvd.nist.gov

cisco

fxos

nx-os

vulnerability

secure configuration validation

cve-2019-1728

nvd

system boot time

root privileges

local attacker

authenticated

arbitrary commands

administrative credentials

security

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device.

Affected configurations

NVD

Node

cisconx-osRange8.1–8.1\(1b\)

cisconx-osRange8.2–8.3\(1\)

AND

ciscomds_9000Match-

ciscomds_9100Match-

ciscomds_9200Match-

ciscomds_9500Match-

ciscomds_9700Match-

Node

cisconx-osRange7.0\(3\)i7–7.0\(3\)i7\(3\)

AND

cisconexus_3000Match-

cisconexus_3100Match-

cisconexus_3100-zMatch-

cisconexus_3100vMatch-

cisconexus_3200Match-

cisconexus_3400Match-

cisconexus_3500Match-

cisconexus_3600Match-

cisconexus_9000Match-

cisconexus_9200Match-

cisconexus_9300Match-

cisconexus_9500Match-

Node

cisconx-osRange6.0\(2\)a8–6.0\(2\)a8\(11\)

cisconx-osRange7.0\(3\)–7.0\(3\)i7\(3\)

AND

cisconexus_3524-xMatch-

cisconexus_3524-xlMatch-

cisconexus_3548-xMatch-

cisconexus_3548-xlMatch-

Node

cisconx-osRange7.3–7.3\(4\)n1\(1\)

AND

cisconexus_5500Match-

cisconexus_5600Match-

cisconexus_6000Match-

Node

cisconx-osRange6.2–6.2\(22\)

cisconx-osRange7.2–7.3\(3\)d1\(1\)

cisconx-osRange8.0–8.3\(1\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange4.0–4.0\(1a\)

AND

ciscoucs_6248upMatch-

ciscoucs_6296upMatch-

ciscoucs_6332Match-

ciscousc_6324Match-

ciscousc_6332-16upMatch-

Node

cisconx-osRange2.4–2.4.1.101

AND

ciscofirepower_4110Match-

ciscofirepower_4115Match-

ciscofirepower_4120Match-

ciscofirepower_4125Match-

ciscofirepower_4140Match-

ciscofirepower_4145Match-

ciscofirepower_4150Match-

ciscofirepower_9300Match-

CPENameOperatorVersion
cisco:nx-oscisco nx-oslt8.1\(1b\)
cisco:nx-oscisco nx-oslt8.3\(1\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	lt	8.1\(1b\)
cisco:nx-os	cisco nx-os	lt	8.3\(1\)

CNA Affected

[
  {
    "product": "Cisco NX-OS Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "8.3(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108391

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-1728

nessus3 prion1 cvelist1 nvd1 cisco1