Lucene search

[email protected]NVD:CVE-2019-1592

HistoryMay 03, 2019 - 3:29 p.m.

CVE-2019-1592

2019-05-0315:29:00

CWE-20

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device.

Affected configurations

Nvd

Node

cisconx-osMatch14.1\(0.90\)

AND

cisconexus_9000Match-

cisconexus_92160yc-xMatch-

cisconexus_92300ycMatch-

cisconexus_92304qcMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93108tc-fxMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_93180lc-exMatch-

cisconexus_93180yc-exMatch-

cisconexus_93180yc-fxMatch-

cisconexus_93240yc-fx2Match-

cisconexus_9332cMatch-

cisconexus_9332pqMatch-

cisconexus_9336c-fx2Match-

cisconexus_9336pqMatch-

cisconexus_9348gc-fxpMatch-

cisconexus_9364cMatch-

cisconexus_9372pxMatch-

cisconexus_9372px-eMatch-

cisconexus_9372txMatch-

cisconexus_9372tx-eMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9508Match-

VendorProductVersionCPE
cisconx-os14.1(0.90)cpe:2.3:o:cisco:nx-os:14.1\(0.90\):*:*:*:*:*:*:*
cisconexus_9000-cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*
cisconexus_92160yc-x-cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
cisconexus_92300yc-cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*
cisconexus_92304qc-cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
cisconexus_9236c-cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
cisconexus_9272q-cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
cisconexus_93108tc-ex-cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
cisconexus_93108tc-fx-cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*
cisconexus_93120tx-cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx-os	14.1(0.90)	cpe:2.3:o:cisco:nx-os:14.1\(0.90\):::::::*
cisco	nexus_9000	-	cpe:2.3:h:cisco:nexus_9000:-:::::::*
cisco	nexus_92160yc-x	-	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
cisco	nexus_92300yc	-	cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
cisco	nexus_92304qc	-	cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
cisco	nexus_9236c	-	cpe:2.3:h:cisco:nexus_9236c:-:::::::*
cisco	nexus_9272q	-	cpe:2.3:h:cisco:nexus_9272q:-:::::::*
cisco	nexus_93108tc-ex	-	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
cisco	nexus_93108tc-fx	-	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
cisco	nexus_93120tx	-	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*

Rows per page:

1-10 of 281

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-hw-clock-util

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2019-1592

nessus2 cve1 cvelist1 prion1 cisco1