Lucene search

CiscoCVELIST:CVE-2019-1726

HistoryMay 15, 2019 - 4:40 p.m.

CVE-2019-1726 Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability

2019-05-1516:40:17

CWE-20

cisco

www.cve.org

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

7.5

Confidence

High

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability.

CNA Affected

[
  {
    "product": "Cisco NX-OS Software",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "6.2(25)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.3(2)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "7.0(3)I7(3)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "9.2(1)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108409

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass