Lucene search

[email protected]NVD:CVE-2019-1601

HistoryMar 08, 2019 - 6:29 p.m.

CVE-2019-1601

2019-03-0818:29:00

CWE-732

CWE-284

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Affected configurations

NVD

Node

cisconx-osRange8.2–8.3\(1\)

AND

ciscomds_9000Match-

Node

cisconx-osRange7.0\(3\)–7.0\(3\)i7\(4\)

AND

cisconexus_3500Match-

Node

cisconx-osRange7.0\(3\)i5–7.0\(3\)i7\(4\)

AND

cisconexus_3000Match-

Node

cisconx-osRange7.0\(3\)f3–7.0\(3\)f3\(5\)

AND

cisconexus_3600Match-

Node

cisconx-osRange7.0\(3\)i5–7.0\(3\)i7\(4\)

AND

cisconexus_9000Match-

Node

cisconx-osRange7.0\(3\)f1–7.0\(3\)f3\(5\)

AND

cisconexus_9500Match-

Node

cisconx-osRange7.3–8.1\(1b\)

AND

ciscomds_9000Match-

Node

cisconx-osRange<6.2\(25\)

AND

ciscomds_9000Match-

Node

cisconx-osRange<7.0\(3\)i4\(9\)

AND

cisconexus_3000Match-

Node

cisconx-osRange8.2–8.3\(1\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange7.2–7.3\(3\)d1\(1\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange<6.2\(22\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange<7.0\(3\)i4\(9\)

AND

cisconexus_9000Match-

Node

cisconx-osRange<6.0\(2\)a8\(10\)

AND

cisconexus_3500Match-

Node

cisconx-osRange7.2–7.3\(3\)n1\(1\)

AND

cisconexus_2000Match-

cisconexus_5500Match-

cisconexus_5600Match-

cisconexus_6000Match-

Node

cisconx-osRange<7.1\(5\)n1\(1b\)

AND

cisconexus_2000Match-

cisconexus_5500Match-

cisconexus_5600Match-

cisconexus_6000Match-

Node

cisconx-osRange8.0–8.1\(2\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

References

www.securityfocus.com/bid/107404

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2019-1601

cvelist1 cisco1 nessus2 prion1 cve1