Lucene search

[email protected]CVE-2019-1812

HistoryMay 15, 2019 - 11:29 p.m.

CVE-2019-1812

2019-05-1523:29:01

CWE-347

[email protected]

web.nvd.nist.gov

vulnerability

image signature verification

cisco nx-os software

local attacker

administrator-level credentials

cli command execution

software digital signatures

nvd

cve-2019-1812

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Affected configurations

NVD

Node

cisconx-osRange6.0\(2\)–7.0\(3\)i7\(5\)

cisconx-osRange9.2–9.2\(2\)

AND

cisconexus_3048Match-

cisconexus_31108pc-vMatch-

cisconexus_31108tc-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132q-vMatch-

cisconexus_3132q-x\/3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pq\/pq-xlMatch-

cisconexus_3172tq-xlMatch-

cisconexus_3232cMatch-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_3408-sMatch-

cisconexus_34180ycMatch-

cisconexus_3432d-sMatch-

cisconexus_3464cMatch-

cisconexus_3524-x\/xlMatch-

cisconexus_3548-x\/xlMatch-

cisconexus_36180yc-rMatch-

cisconexus_3636c-rMatch-

Node

cisconx-osRange7.0\(3\)–7.0\(3\)f3\(5\)

cisconx-osRange9.2–9.2\(2\)

AND

ciscon9k-c9504-fm-rMatch-

ciscon9k-c9508-fm-rMatch-

cisconexus_36180yc-rMatch-

cisconexus_3636c-rMatch-

Node

cisconx-osRange<7.0\(3\)i7\(5\)

cisconx-osRange9.2–9.2\(2\)

AND

cisco9432pqMatch-

cisco9536pqMatch-

cisco9636pqMatch-

cisco9736pqMatch-

ciscon9k-x9432c-sMatch-

ciscon9k-x9464pxMatch-

ciscon9k-x9464tx2Match-

ciscon9k-x9564pxMatch-

ciscon9k-x9564txMatch-

ciscon9k-x9636c-rMatch-

ciscon9k-x9636c-rxMatch-

ciscon9k-x97160yc-exMatch-

ciscon9k-x9732c-exMatch-

ciscon9k-x9732c-fxMatch-

ciscon9k-x9736c-exMatch-

ciscon9k-x9736c-fxMatch-

ciscon9k-x9788tc-fxMatch-

cisconexus_92160yc-xMatch-

cisconexus_92300ycMatch-

cisconexus_93108tc-exMatch-

cisconexus_93108tc-fxMatch-

cisconexus_93120txMatch-

cisconexus_9316d-gxMatch-

cisconexus_93180lc-exMatch-

cisconexus_93180yc-exMatch-

cisconexus_93180yc-fxMatch-

cisconexus_93216tc-fx2Match-

cisconexus_93240yc-fx2Match-

cisconexus_9332cMatch-

cisconexus_93360yc-fx2Match-

cisconexus_9336c-fx2Match-

cisconexus_9348gc-fxpMatch-

cisconexus_93600cd-gxMatch-

cisconexus_9364cMatch-

cisconexus_9500_supervisor_aMatch-

cisconexus_9500_supervisor_a\+Match-

cisconexus_9500_supervisor_bMatch-

cisconexus_9500_supervisor_b\+Match-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

ciscox9636q-rMatch-

CPENameOperatorVersion
cisco:nx-oscisco nx-oslt7.0\(3\)i7\(5\)
cisco:nx-oscisco nx-oslt9.2\(2\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	lt	7.0\(3\)i7\(5\)
cisco:nx-os	cisco nx-os	lt	9.2\(2\)

CNA Affected

[
  {
    "product": "Cisco NX-OS Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "8.3(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108425

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-1812

cvelist1 prion1 nvd1 nessus1 cisco1