Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCiscoCVELIST:CVE-2019-1601
HistoryMar 06, 2019 - 12:00 a.m.

CVE-2019-1601 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

2019-03-0600:00:00
CWE-284
cisco
www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

CNA Affected

[
  {
    "product": "MDS 9000 Series Multilayer Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2(25)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.1(1b)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.3(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 3000 Series Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)I4(9)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0(3)I7(4)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 3500 Platform Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.0(2)A8(10)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0(3)I7(4)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 3600 Platform Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)F3(5)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.1(5)N1(1b)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3(3)N1(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 7000 and 7700 Series Switches",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2(22)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3(3)D1(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2(3)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 9000 Series Switches-Standalone",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)I4(9)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0(3)I7(4)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Nexus 9500 R-Series Line Cards and Fabric Modules",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "7.0(3)F3(5)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cisco 1
nessus 2
prion 1
cve 1
nvd 1
cisco
cisco
Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability
2019-03-06 16:00:00
nessus
nessus
Cisco NX-OS Software Unauthorized Filesystem Access (CVE-2019-1601)
2023-07-25 00:00:00
Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability
2019-07-30 00:00:00
prion
prion
Authentication flaw
2019-03-08 18:29:00
cve
cve
CVE-2019-1601
2019-03-08 18:29:00
nvd
nvd
CVE-2019-1601
2019-03-08 18:29:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2019-1601
cisco1nessus2prion1cve1nvd1