Lucene search

[email protected]NVD:CVE-2019-1585

HistoryMar 06, 2019 - 9:29 p.m.

CVE-2019-1585

2019-03-0621:29:00

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This Vulnerability has been fixed in version 4.0(1h)

Affected configurations

Nvd

Node

cisconx-osMatch8.3\(0\)sk\(0.39\)

AND

cisconexus_92160yc-xMatch-

cisconexus_92304qcMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_93180yc-exMatch-

cisconexus_9332pqMatch-

cisconexus_9336pq_aci_spineMatch-

cisconexus_9372pxMatch-

cisconexus_9372txMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9500Match-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

Node

ciscoapplication_policy_infrastructure_controller_softwareRange≤4.0\(1h\)

AND

cisconexus_92160yc-xMatch-

cisconexus_92304qcMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_93180yc-exMatch-

cisconexus_9332pqMatch-

cisconexus_9336pq_aci_spineMatch-

cisconexus_9372pxMatch-

cisconexus_9372txMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9500Match-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

VendorProductVersionCPE
cisconx-os8.3(0)sk(0.39)cpe:2.3:o:cisco:nx-os:8.3\(0\)sk\(0.39\):*:*:*:*:*:*:*
cisconexus_92160yc-x-cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
cisconexus_92304qc-cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
cisconexus_9236c-cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
cisconexus_9272q-cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
cisconexus_93108tc-ex-cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
cisconexus_93120tx-cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
cisconexus_93128tx-cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
cisconexus_93180yc-ex-cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
cisconexus_9332pq-cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx-os	8.3(0)sk(0.39)	cpe:2.3:o:cisco:nx-os:8.3\(0\)sk\(0.39\):::::::*
cisco	nexus_92160yc-x	-	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
cisco	nexus_92304qc	-	cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
cisco	nexus_9236c	-	cpe:2.3:h:cisco:nexus_9236c:-:::::::*
cisco	nexus_9272q	-	cpe:2.3:h:cisco:nexus_9272q:-:::::::*
cisco	nexus_93108tc-ex	-	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
cisco	nexus_93120tx	-	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
cisco	nexus_93128tx	-	cpe:2.3:h:cisco:nexus_93128tx:-:::::::*
cisco	nexus_93180yc-ex	-	cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
cisco	nexus_9332pq	-	cpe:2.3:h:cisco:nexus_9332pq:-:::::::*

Rows per page:

1-10 of 201

References

www.securityfocus.com/bid/107312

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-controller-privsec

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2019-1585

nessus1 prion1 cvelist1 cve1 cisco1