Lucene search

[email protected]CVE-2019-1601

HistoryMar 08, 2019 - 6:29 p.m.

CVE-2019-1601

2019-03-0818:29:00

CWE-284

CWE-732

[email protected]

web.nvd.nist.gov

cve-2019-1601

cisco

nx-os software

filesystem permissions

vulnerability

mds 9000 series

nexus 3000 series

nexus 3500 platform

nexus 3600 platform

nexus 2000

nexus 5500

nexus 5600

nexus 6000

nexus 7000

nexus 7700

nexus 9000

nexus 9500 r-series

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Affected configurations

NVD

Node

cisconx-osRange8.2–8.3\(1\)

AND

ciscomds_9000Match-

Node

cisconx-osRange7.0\(3\)–7.0\(3\)i7\(4\)

AND

cisconexus_3500Match-

Node

cisconx-osRange7.0\(3\)i5–7.0\(3\)i7\(4\)

AND

cisconexus_3000Match-

Node

cisconx-osRange7.0\(3\)f3–7.0\(3\)f3\(5\)

AND

cisconexus_3600Match-

Node

cisconx-osRange7.0\(3\)i5–7.0\(3\)i7\(4\)

AND

cisconexus_9000Match-

Node

cisconx-osRange7.0\(3\)f1–7.0\(3\)f3\(5\)

AND

cisconexus_9500Match-

Node

cisconx-osRange7.3–8.1\(1b\)

AND

ciscomds_9000Match-

Node

cisconx-osRange<6.2\(25\)

AND

ciscomds_9000Match-

Node

cisconx-osRange<7.0\(3\)i4\(9\)

AND

cisconexus_3000Match-

Node

cisconx-osRange8.2–8.3\(1\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange7.2–7.3\(3\)d1\(1\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange<6.2\(22\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange<7.0\(3\)i4\(9\)

AND

cisconexus_9000Match-

Node

cisconx-osRange<6.0\(2\)a8\(10\)

AND

cisconexus_3500Match-

Node

cisconx-osRange7.2–7.3\(3\)n1\(1\)

AND

cisconexus_2000Match-

cisconexus_5500Match-

cisconexus_5600Match-

cisconexus_6000Match-

Node

cisconx-osRange<7.1\(5\)n1\(1b\)

AND

cisconexus_2000Match-

cisconexus_5500Match-

cisconexus_5600Match-

cisconexus_6000Match-

Node

cisconx-osRange8.0–8.1\(2\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

CPENameOperatorVersion
cisco:nx-oscisco nx-oslt8.3\(1\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	lt	8.3\(1\)

CNA Affected

[
  {
    "product": "MDS 9000 Series Multilayer Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2(25)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.1(1b)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.3(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 3000 Series Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)I4(9)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0(3)I7(4)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 3500 Platform Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.0(2)A8(10)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0(3)I7(4)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 3600 Platform Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)F3(5)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.1(5)N1(1b)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3(3)N1(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 7000 and 7700 Series Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2(22)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3(3)D1(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2(3)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 9000 Series Switches-Standalone",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)I4(9)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0(3)I7(4)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 9500 R-Series Line Cards and Fabric Modules",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)F3(5)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107404

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-1601

cvelist1 cisco1 nessus2 prion1 nvd1