Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2019-1803
HistoryMay 03, 2019 - 5:29 p.m.

CVE-2019-1803

2019-05-0317:29:00
CWE-264
CWE-732
cisco
web.nvd.nist.gov
38
cisco
nexus 9000
aci mode switch
vulnerability
local attacker
root privileges
file permissions
exploit
nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

5.1%

JSON

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.

Affected configurations

Nvd
Vulners
Node
cisconexus_9000_series_application_centric_infrastructureMatch-
AND
cisconexus_93108tc-exMatch-
OR
cisconexus_93120txMatch-
OR
cisconexus_93128txMatch-
OR
cisconexus_93180lc-exMatch-
OR
cisconexus_93180tc-exMatch-
OR
cisconexus_93180yc-exMatch-
OR
cisconexus_93180yc-fxMatch-
OR
cisconexus_9332pqMatch-
OR
cisconexus_9336c-fx2Match-
OR
cisconexus_9336pq_aci_spineMatch-
OR
cisconexus_9348gc-fxpMatch-
OR
cisconexus_9364cMatch-
OR
cisconexus_9372pxMatch-
OR
cisconexus_9372px-eMatch-
OR
cisconexus_9372txMatch-
OR
cisconexus_9372tx-eMatch-
OR
cisconexus_9396pxMatch-
OR
cisconexus_9396txMatch-
OR
cisconexus_9504Match-
OR
cisconexus_9508Match-
OR
cisconexus_9516Match-
VendorProductVersionCPE
cisconexus_9000_series_application_centric_infrastructure-cpe:2.3:o:cisco:nexus_9000_series_application_centric_infrastructure:-:*:*:*:*:*:*:*
cisconexus_93108tc-ex-cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
cisconexus_93120tx-cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
cisconexus_93128tx-cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
cisconexus_93180lc-ex-cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*
cisconexus_93180tc-ex-cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*
cisconexus_93180yc-ex-cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
cisconexus_93180yc-fx-cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*
cisconexus_9332pq-cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*
cisconexus_9336c-fx2-cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 221

CNA Affected

[
  {
    "product": "Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "14.1(1i)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
cisco 1
prion 1
nvd 1
nessus 1
cvelist
cvelist
CVE-2019-1803 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability
2019-05-03 16:20:16
cisco
cisco
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability
2019-05-01 16:00:00
prion
prion
Command injection
2019-05-03 17:29:00
nvd
nvd
CVE-2019-1803
2019-05-03 17:29:00
nessus
nessus
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability (cisco-sa-20190501-nexus9k-rpe)
2020-06-03 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2019-1803
cvelist1cisco1prion1nvd1nessus1