Lucene search

[email protected]CVE-2019-1732

HistoryMay 15, 2019 - 5:29 p.m.

CVE-2019-1732

2019-05-1517:29:01

CWE-78

CWE-667

[email protected]

web.nvd.nist.gov

vulnerability

rpm

cisco

nx-os software

authenticated attacker

arbitrary command injection

nvd

cve-2019-1732

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.

Affected configurations

NVD

Node

cisconx-osRange7.0\(3\)i4–7.0\(3\)i7\(4\)

AND

cisconexus_3000Match-

cisconexus_3100Match-

cisconexus_3100-zMatch-

cisconexus_3100vMatch-

cisconexus_3200Match-

cisconexus_3400Match-

cisconexus_3500Match-

cisconexus_3524-xMatch-

cisconexus_3524-xlMatch-

cisconexus_3548-xMatch-

cisconexus_3548-xlMatch-

cisconexus_9000Match-

cisconexus_9200Match-

cisconexus_9300Match-

cisconexus_9500Match-

Node

cisconexus_3600Match-

AND

cisconx_osRange7.0\(3\)–7.0\(3\)f3\(5\)

CPENameOperatorVersion
cisco:nx-oscisco nx-oslt7.0\(3\)i7\(4\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	lt	7.0\(3\)i7\(4\)

CNA Affected

[
  {
    "product": "Cisco NX-OS Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "8.3(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108361

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2019-1732

prion1 cisco1 nessus2 cvelist1 nvd1