Lucene search

[email protected]CVE-2019-1615

HistoryMar 11, 2019 - 9:29 p.m.

CVE-2019-1615

2019-03-1121:29:00

CWE-347

[email protected]

web.nvd.nist.gov

cve-2019-1615

cisco

nx-os

vulnerability

image signature verification

software

unauthorized software installation

digital signatures

nexus 3000

nexus 9000

r-series line cards

fabric modules

security advisory

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).

CPENameOperatorVersion
cisco:nx-oscisco nx-oseq7.0\(3\)i7\(3\)
cisco:nx-oscisco nx-oseq9.2\(1\)
cisco:nx-oscisco nx-oseq12.3\(0.97\)
cisco:nx-oscisco nx-oseq7.0\(3\)i7\(5\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	eq	7.0\(3\)i7\(3\)
cisco:nx-os	cisco nx-os	eq	9.2\(1\)
cisco:nx-os	cisco nx-os	eq	12.3\(0.97\)
cisco:nx-os	cisco nx-os	eq	7.0\(3\)i7\(5\)

References

www.securityfocus.com/bid/107397

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2019-1615

nessus2 prion1 cisco1 cvelist1