Lucene search

[email protected]NVD:CVE-2019-1604

HistoryMar 08, 2019 - 7:29 p.m.

CVE-2019-1604

2019-03-0819:29:00

CWE-863

CWE-285

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an attacker to execute commands with elevated privileges on the underlying Linux shell of an affected device. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 8.2(3), and 8.3(2). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Affected configurations

Nvd

Node

cisconx-osRange<7.0\(3\)i7\(4\)

AND

cisconexus_3000Match-

cisconexus_3500Match-

cisconexus_9000Match-

Node

cisconx-osRange<7.0\(3\)f3\(5\)

AND

cisconexus_3600Match-

cisconexus_9500Match-

Node

cisconx-osRange8.2\(3\)–8.3\(2\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange6.22\(22\)–8.2\(3\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange<6.2\(22\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

VendorProductVersionCPE
cisconx-os*cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cisconexus_3000-cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*
cisconexus_3500-cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*
cisconexus_9000-cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*
cisconexus_3600-cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*
cisconexus_9500-cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*
cisconexus_7000-cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*
cisconexus_7700-cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx-os	*	cpe:2.3:o:cisco:nx-os::::::::
cisco	nexus_3000	-	cpe:2.3:h:cisco:nexus_3000:-:::::::*
cisco	nexus_3500	-	cpe:2.3:h:cisco:nexus_3500:-:::::::*
cisco	nexus_9000	-	cpe:2.3:h:cisco:nexus_9000:-:::::::*
cisco	nexus_3600	-	cpe:2.3:h:cisco:nexus_3600:-:::::::*
cisco	nexus_9500	-	cpe:2.3:h:cisco:nexus_9500:-:::::::*
cisco	nexus_7000	-	cpe:2.3:h:cisco:nexus_7000:-:::::::*
cisco	nexus_7700	-	cpe:2.3:h:cisco:nexus_7700:-:::::::*

References

www.securityfocus.com/bid/107323

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2019-1604

cisco1 cve1 prion1 nessus2 cvelist1