Lucene search

[email protected]NVD:CVE-2019-1795

HistoryMay 15, 2019 - 9:29 p.m.

CVE-2019-1795

2019-05-1521:29:03

CWE-77

CWE-88

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Affected configurations

NVD

Node

cisconx-osRange<8.2\(3\)

cisconx-osRange8.3–8.3\(1\)

AND

ciscomds_9132tMatch-

ciscomds_9148sMatch-

ciscomds_9148tMatch-

ciscomds_9216Match-

ciscomds_9216aMatch-

ciscomds_9216iMatch-

ciscomds_9222iMatch-

ciscomds_9250iMatch-

ciscomds_9396sMatch-

ciscomds_9396tMatch-

ciscomds_9506Match-

ciscomds_9509Match-

ciscomds_9513Match-

ciscomds_9706Match-

ciscomds_9710Match-

ciscomds_9718Match-

Node

cisconx-osRange<7.0\(3\)i4\(8\)

cisconx-osRange7.0\(3\)i7–7.3\(3\)i7\(3\)

AND

cisco9432pqMatch-

cisco9536pqMatch-

cisco9636pqMatch-

cisco9736pqMatch-

ciscon9k-x9432c-sMatch-

ciscon9k-x9464pxMatch-

ciscon9k-x9464tx2Match-

ciscon9k-x9564pxMatch-

ciscon9k-x9564txMatch-

ciscon9k-x9636c-rMatch-

ciscon9k-x9636c-rxMatch-

ciscon9k-x97160yc-exMatch-

ciscon9k-x9732c-exMatch-

ciscon9k-x9732c-fxMatch-

ciscon9k-x9736c-exMatch-

ciscon9k-x9736c-fxMatch-

ciscon9k-x9788tc-fxMatch-

cisconexus_3048Match-

cisconexus_31108pc-vMatch-

cisconexus_31108tc-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132q-vMatch-

cisconexus_3132q-x\/3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pq\/pq-xlMatch-

cisconexus_3172tq-xlMatch-

cisconexus_3232cMatch-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_3408-sMatch-

cisconexus_34180ycMatch-

cisconexus_3432d-sMatch-

cisconexus_3464cMatch-

cisconexus_3524-x\/xlMatch-

cisconexus_3548-x\/xlMatch-

cisconexus_36180yc-rMatch-

cisconexus_3636c-rMatch-

cisconexus_92160yc-xMatch-

cisconexus_92300ycMatch-

cisconexus_93108tc-exMatch-

cisconexus_93108tc-fxMatch-

cisconexus_93120txMatch-

cisconexus_9316d-gxMatch-

cisconexus_93180lc-exMatch-

cisconexus_93180yc-exMatch-

cisconexus_93180yc-fxMatch-

cisconexus_93216tc-fx2Match-

cisconexus_93240yc-fx2Match-

cisconexus_9332cMatch-

cisconexus_93360yc-fx2Match-

cisconexus_9336c-fx2Match-

cisconexus_9348gc-fxpMatch-

cisconexus_93600cd-gxMatch-

cisconexus_9364cMatch-

cisconexus_9500_supervisor_aMatch-

cisconexus_9500_supervisor_a\+Match-

cisconexus_9500_supervisor_bMatch-

cisconexus_9500_supervisor_b\+Match-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

ciscox9636q-rMatch-

Node

cisconx-osRange<6.0\(2\)a8\(11\)

cisconx-osRange7.0\(3\)i4–7.0\(3\)i4\(8\)

cisconx-osRange7.0\(3\)i7–7.3\(3\)i7\(3\)

AND

cisconexus_3524-x\/xlMatch-

cisconexus_3548-x\/xlMatch-

Node

cisconx-osRange7.0\(3\)–7.0\(3\)f3\(5\)

AND

ciscon9k-c9504-fm-rMatch-

ciscon9k-c9508-fm-rMatch-

ciscon9k-x96136yc-rMatch-

ciscon9k-x9636c-rMatch-

ciscon9k-x9636c-rxMatch-

ciscon9k-x9636q-rMatch-

cisconexus_36180yc-rMatch-

cisconexus_3636c-rMatch-

ciscox96136yc-rMatch-

ciscox9636c-rMatch-

ciscox9636c-rxMatch-

ciscox9636q-rMatch-

Node

cisconx-osRange<7.3\(4\)n1\(1\)

AND

cisconexus_5010Match-

cisconexus_5020Match-

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5672up-16gMatch-

cisconexus_5696qMatch-

cisconexus_6001Match-

cisconexus_6004Match-

Node

cisconx-osRange<6.2\(22\)

cisconx-osRange7.2–7.3\(3\)d1\(1\)

cisconx-osRange8.0–8.2\(3\)

cisconx-osRange8.3–8.3\(1\)

AND

cisco7000_10-slotMatch-

cisco7000_18-slotMatch-

cisco7000_4-slotMatch-

cisco7000_9-slotMatch-

cisco7700_10-slotMatch-

cisco7700_18-slotMatch-

cisco7700_2-slotMatch-

cisco7700_6-slotMatch-

ciscon77-f312ck-26Match-

ciscon77-f324fq-25Match-

ciscon77-f348xp-23Match-

ciscon77-f430cq-36Match-

ciscon77-m312cq-26lMatch-

ciscon77-m324fq-25lMatch-

ciscon77-m348xp-23lMatch-

ciscon7k-f248xp-25eMatch-

ciscon7k-f306ck-25Match-

ciscon7k-f312fq-25Match-

ciscon7k-m202cf-22lMatch-

ciscon7k-m206fq-23lMatch-

ciscon7k-m224xp-23lMatch-

ciscon7k-m324fq-25lMatch-

ciscon7k-m348xp-25lMatch-

cisconexus_7000_supervisor_1Match-

cisconexus_7000_supervisor_2Match-

cisconexus_7000_supervisor_2eMatch-

cisconexus_7700_supervisor_2eMatch-

cisconexus_7700_supervisor_3eMatch-

Node

cisconx-osRange<3.2\(3a\)

cisconx-osRange4.0–4.0\(1a\)

AND

ciscoucs_6248upMatch-

ciscoucs_6296upMatch-

ciscoucs_6324Match-

ciscoucs_6332Match-

ciscoucs_6332-16upMatch-

Node

ciscofirepower_extensible_operating_systemRange<2.0.1.201

ciscofirepower_extensible_operating_systemRange2.1–2.2.2.54

ciscofirepower_extensible_operating_systemRange2.3–2.3.1.73

ciscofirepower_extensible_operating_systemRange2.4–2.4.1.101

AND

ciscofirepower_4110Match-

ciscofirepower_4120Match-

ciscofirepower_4140Match-

ciscofirepower_4150Match-

ciscofirepower_9300_with_1_sm-24_moduleMatch-

ciscofirepower_9300_with_1_sm-36_moduleMatch-

ciscofirepower_9300_with_1_sm-44_moduleMatch-

ciscofirepower_9300_with_3_sm-44_modulesMatch-

Node

cisconx-osRange<5.2\(1\)sv3\(4.1\)

AND

cisconexus_1000vMatch-vmware_vsphere

Node

cisconx-osRange<5.2

AND

cisconexus_1000vMatch-hyper-v

References

www.securityfocus.com/bid/108479

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2019-1795

cvelist1 nessus3 cisco14 prion1 cve1