Vulnerability-Lookup

CVE-2019-1608 (GCVE-0-2019-1608)

Vulnerability from cvelistv5 – Published: 2019-03-08 20:00 – Updated: 2024-11-21 19:43

Title

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

Summary

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).

Severity ?

4.2 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-77

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/107386	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO

Impacted products

Vendor

Product

Version

Cisco

MDS 9000 Series Multilayer Switches

Affected: unspecified , < 6.2(27) (custom)
Affected: unspecified , < 8.1(1b) (custom)
Affected: unspecified , < 8.3(1) (custom)

Cisco

Nexus 7000 and 7700 Series Switches

Affected: unspecified , < 6.2(22) (custom)
Affected: unspecified , < 7.3(3)D1(1) (custom)
Affected: unspecified , < 8.2(3) (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107386"
          },
          {
            "name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1608",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:00:12.204237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:43:36.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MDS 9000 Series Multilayer Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2(27)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1(1b)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 7000 and 7700 Series Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2(22)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3(3)D1(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2(3)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-03-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-14T09:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "107386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107386"
        },
        {
          "name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190306-nxos-cmdinj-1608",
        "defect": [
          [
            "CSCvi01422"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
          "ID": "CVE-2019-1608",
          "STATE": "PUBLIC",
          "TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MDS 9000 Series Multilayer Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2(27)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.1(1b)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 7000 and 7700 Series Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2(22)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.3(3)D1(1)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.2(3)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.2",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107386"
            },
            {
              "name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190306-nxos-cmdinj-1608",
          "defect": [
            [
              "CSCvi01422"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1608",
    "datePublished": "2019-03-08T20:00:00.000Z",
    "dateReserved": "2018-12-06T00:00:00.000Z",
    "dateUpdated": "2024-11-21T19:43:36.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/107386\", \"name\": \"107386\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608\", \"name\": \"20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T18:20:28.364Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-1608\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-21T19:00:12.204237Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-21T19:01:34.646Z\"}}], \"cna\": {\"title\": \"Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)\", \"source\": {\"defect\": [[\"CSCvi01422\"]], \"advisory\": \"cisco-sa-20190306-nxos-cmdinj-1608\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 4.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"MDS 9000 Series Multilayer Switches\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"6.2(27)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.1(1b)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.3(1)\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Nexus 7000 and 7700 Series Switches\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"6.2(22)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.3(3)D1(1)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.2(3)\", \"versionType\": \"custom\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2019-03-06T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/107386\", \"name\": \"107386\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608\", \"name\": \"20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2019-03-14T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"4.2\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\"}}, \"source\": {\"defect\": [[\"CSCvi01422\"]], \"advisory\": \"cisco-sa-20190306-nxos-cmdinj-1608\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"affected\": \"\u003c\", \"version_value\": \"6.2(27)\", \"version_affected\": \"\u003c\"}, {\"affected\": \"\u003c\", \"version_value\": \"8.1(1b)\", \"version_affected\": \"\u003c\"}, {\"affected\": \"\u003c\", \"version_value\": \"8.3(1)\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"MDS 9000 Series Multilayer Switches\"}, {\"version\": {\"version_data\": [{\"affected\": \"\u003c\", \"version_value\": \"6.2(22)\", \"version_affected\": \"\u003c\"}, {\"affected\": \"\u003c\", \"version_value\": \"7.3(3)D1(1)\", \"version_affected\": \"\u003c\"}, {\"affected\": \"\u003c\", \"version_value\": \"8.2(3)\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Nexus 7000 and 7700 Series Switches\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/107386\", \"name\": \"107386\", \"refsource\": \"BID\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608\", \"name\": \"20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-77\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-1608\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2019-03-06T16:00:00-0800\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-1608\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T19:43:36.190Z\", \"dateReserved\": \"2018-12-06T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2019-03-08T20:00:00.000Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2019-1608

Vulnerability from fstec - Published: 06.03.2019

Title

Уязвимость интерфейса командной строки операционной системы Cisco Nexus Operating System, позволяющая нарушителю выполнить произвольную команду

Description

Уязвимость интерфейса командной строки операционной системы Cisco Nexus Operating System связана с недостаточной проверкой аргументов, передаваемых в команду. Эксплуатация уязвимости может позволить нарушителю, действующему локально, выполнить произвольную команду

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco Nexus Operating System

Software Version

8.2(1) (Cisco Nexus Operating System)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608

CWE

CWE-77

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8.2(1) (Cisco Nexus Operating System)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.03.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.03.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01086",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-1608",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Nexus Operating System",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. - - Cisco MDS 9000 Series Multilayer Switches, Cisco Systems Inc. - - Cisco Nexus 7000 Series Switches, Cisco Systems Inc. - - Cisco Nexus 7700 Series Switches",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco Nexus Operating System, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443) (CWE-77)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco Nexus Operating System \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u0443",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-77",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,7)"
}

CERTFR-2019-AVI-092

Vulnerability from certfr_avis - Published: 2019-03-07 - Updated: 2019-03-07

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco FXOS versions 2.4.x antérieures à 2.4.1.122 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance
Cisco	NX-OS	Cisco NX-OS versions antérieures à 5.2(1)SM3(2.1) pour Nexus 1000V Switch for Microsoft Hyper-V
Cisco	NX-OS	Cisco NX-OS versions 7.2(x) et 7.3(x) antérieures à 7.3(5)N1(1) pour Nexus 2000, 5500, 5600 et 6000 Series Switches
Cisco	N/A	Cisco FXOS versions 2.3.x antérieures à 2.3.1.110 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance
Cisco	NX-OS	Cisco NX-OS versions 4.0(x) antérieures à 4.0(2a) pour UCS 6200 et 6300 Fabric Interconnects
Cisco	NX-OS	Cisco NX-OS versions antérieures à 3.2(3j) pour UCS 6200 et 6300 Fabric Interconnects
Cisco	NX-OS	Cisco NX-OS versions antérieures à 6.0(2)A8(11) pour Nexus 3500 Platform Switches
Cisco	NX-OS	Cisco NX-OS versions 5.2(x) et 6.2(x) antérieures à 6.2(27) pour MDS 9000 Series Multilayer Switches
Cisco	NX-OS	Cisco NX-OS versions 7.x et 8.2(x) antérieures à 8.2(3) pour Nexus 7000 et 7700 Series Switches
Cisco	NX-OS	Cisco NX-OS versions 7.3(x) et 8.x antérieures à 8.3(2) pour MDS 9000 Series Multilayer Switches
Cisco	NX-OS	Cisco NX-OS versions 8.3(x) antérieures à 8.3(2) pour Nexus 7000 et 7700 Series Switches
Cisco	N/A	Nexus 9500 R-Series Line Cards and Fabric Modules avec un BIOS d'une version antérieure à 8.34
Cisco	NX-OS	Cisco NX-OS versions antérieures à 7.1(5)N1(1b) pour Nexus 2000, 5500, 5600, et 6000 Series Switches
Cisco	NX-OS	Cisco NX-OS versions antérieures à 7.0(3)I7(6) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches et Nexus 3500 Platform Switches,
Cisco	NX-OS	Cisco NX-OS versions antérieures à 14.0(3d) pour Nexus 9000 Series Fabric Switches in ACI Mode
Cisco	N/A	Nexus 3000 Series Switches avec un BIOS d'une version antérieure à 7.63 ou 8.34 (voir le site du constructeur pour plus de détails)
Cisco	NX-OS	Cisco NX-OS versions 9.2(x) antérieures à 9.2(2) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches
Cisco	NX-OS	Cisco NX-OS versions antérieures à 6.2(22) pour Nexus 7000 et 7700 Series Switches
Cisco	NX-OS	Cisco NX-OS versions antérieures à 5.2(1)SV3(4.1a) pour Nexus 1000V Switch for VMware vSphere
Cisco	N/A	Nexus 9000 Series Switches avec un BIOS d'une version antérieure à 7.63 ou 8.34 (voir le site du constructeur pour plus de détails)
Cisco	N/A	Cisco FXOS versions antérieures à 2.2.2.91 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance
Cisco	NX-OS	Cisco NX-OS versions antérieures à 7.0(3)F3(5) pour Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20190306-nxos-privesc du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1610 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-escalation du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-tetra-ace du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-sig-verif du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nx-os-lan-auth du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1611 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1608 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-npv-dos du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1609 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1607 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-file-access du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1612 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-NXAPI-cmdinj du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nx-os-api-ex du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1613 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-fabric-dos du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-directory du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nx-os-bash-escal du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxosldap du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-netstack du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-cmdinj-1606 du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-aci-shell-escape du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-pe du 06 mars 2019	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20190306-nxos-privesca du 06 mars 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco FXOS versions 2.4.x ant\u00e9rieures \u00e0 2.4.1.122 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SM3(2.1) pour Nexus 1000V Switch for Microsoft Hyper-V",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions 7.2(x) et 7.3(x) ant\u00e9rieures \u00e0 7.3(5)N1(1) pour Nexus 2000, 5500, 5600 et 6000 Series Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FXOS versions 2.3.x ant\u00e9rieures \u00e0 2.3.1.110 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions 4.0(x) ant\u00e9rieures \u00e0 4.0(2a) pour UCS 6200 et 6300 Fabric Interconnects",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 3.2(3j) pour UCS 6200 et 6300 Fabric Interconnects",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.0(2)A8(11) pour Nexus 3500 Platform Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions 5.2(x) et 6.2(x) ant\u00e9rieures \u00e0 6.2(27) pour MDS 9000 Series Multilayer Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions 7.x et 8.2(x) ant\u00e9rieures \u00e0 8.2(3) pour Nexus 7000 et 7700 Series Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions 7.3(x) et 8.x ant\u00e9rieures \u00e0 8.3(2) pour MDS 9000 Series Multilayer Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions 8.3(x) ant\u00e9rieures \u00e0 8.3(2) pour Nexus 7000 et 7700 Series Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 9500 R-Series Line Cards and Fabric Modules avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 8.34",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.1(5)N1(1b) pour Nexus 2000, 5500, 5600, et 6000 Series Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)I7(6) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches et Nexus 3500 Platform Switches,",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 14.0(3d) pour Nexus 9000 Series Fabric Switches in ACI Mode",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 3000 Series Switches avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 7.63 ou 8.34 (voir le site du constructeur pour plus de d\u00e9tails)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions 9.2(x) ant\u00e9rieures \u00e0 9.2(2) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.2(22) pour Nexus 7000 et 7700 Series Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SV3(4.1a) pour Nexus 1000V Switch for VMware vSphere",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Nexus 9000 Series Switches avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 7.63 ou 8.34 (voir le site du constructeur pour plus de d\u00e9tails)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FXOS versions ant\u00e9rieures \u00e0 2.2.2.91 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)F3(5) pour Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1607"
    },
    {
      "name": "CVE-2019-1597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1597"
    },
    {
      "name": "CVE-2019-1593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1593"
    },
    {
      "name": "CVE-2019-1599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1599"
    },
    {
      "name": "CVE-2019-1617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1617"
    },
    {
      "name": "CVE-2019-1605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1605"
    },
    {
      "name": "CVE-2019-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1616"
    },
    {
      "name": "CVE-2019-1594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1594"
    },
    {
      "name": "CVE-2019-1591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1591"
    },
    {
      "name": "CVE-2019-1604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1604"
    },
    {
      "name": "CVE-2019-1603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1603"
    },
    {
      "name": "CVE-2019-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1611"
    },
    {
      "name": "CVE-2019-1601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1601"
    },
    {
      "name": "CVE-2019-1606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1606"
    },
    {
      "name": "CVE-2019-1602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1602"
    },
    {
      "name": "CVE-2019-1614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1614"
    },
    {
      "name": "CVE-2019-1596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1596"
    },
    {
      "name": "CVE-2019-1598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1598"
    },
    {
      "name": "CVE-2019-1618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1618"
    },
    {
      "name": "CVE-2019-1613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1613"
    },
    {
      "name": "CVE-2019-1612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1612"
    },
    {
      "name": "CVE-2019-1608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1608"
    },
    {
      "name": "CVE-2019-1600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1600"
    },
    {
      "name": "CVE-2019-1609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1609"
    },
    {
      "name": "CVE-2019-1615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1615"
    },
    {
      "name": "CVE-2019-1610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1610"
    }
  ],
  "initial_release_date": "2019-03-07T00:00:00",
  "last_revision_date": "2019-03-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-092",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-privesc du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1610 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1610"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-escalation du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-escalation"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-tetra-ace du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-sig-verif du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nx-os-lan-auth du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1611 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1611"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1608 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-npv-dos du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1609 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1607 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-file-access du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1612 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1612"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-NXAPI-cmdinj du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nx-os-api-ex du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-api-ex"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1613 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1613"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-fabric-dos du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-directory du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nx-os-bash-escal du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxosldap du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-netstack du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1606 du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-aci-shell-escape du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-pe du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-privesca du 06 mars 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca"
    }
  ]
}

FKIE_CVE-2019-1608

Vulnerability from fkie_nvd - Published: 2019-03-08 20:29 - Updated: 2024-11-21 04:36

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/107386	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107386	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	nx-os	*
cisco	mds_9000	-
cisco	nx-os	*
cisco	mds_9000	-
cisco	nx-os	*
cisco	mds_9000	-
cisco	nx-os	*
cisco	nexus_7000	-
cisco	nexus_7700	-
cisco	nx-os	*
cisco	nexus_7000	-
cisco	nexus_7700	-
cisco	nx-os	*
cisco	nexus_7000	-
cisco	nexus_7700	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4863FC5-6578-48DE-838D-E5D2EEFF27B1",
              "versionEndExcluding": "8.3\\(1\\)",
              "versionStartIncluding": "8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86770ECC-BC1D-42BC-A65B-FCE598491BEE",
              "versionEndExcluding": "8.1\\(1b\\)",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50211BF4-77B7-444C-8D54-8B8B2A4B6023",
              "versionEndExcluding": "6.2\\(27\\)",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF759F06-2AEB-45DC-8316-4565AFC9373D",
              "versionEndExcluding": "8.2\\(3\\)",
              "versionStartExcluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF571FB1-A40C-4188-AF84-0156523E23AE",
              "versionEndExcluding": "7.3\\(3\\)d1\\(1\\)",
              "versionStartExcluding": "7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67D92F3-7EE1-4CFD-9608-4E35994C1BC4",
              "versionEndExcluding": "6.2\\(22\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI del software NX-OS de Cisco podr\u00eda permitir a un atacante local autenticado ejecutar comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado. La vulnerabilidad se debe a una validaci\u00f3n de argumentos insuficiente que se env\u00edan a determinados comandos CLI. Un atacante podr\u00eda explotar esta vulnerabilidad incluyendo entradas maliciosas como el argumento de un comando afectado. Un exploit con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios del sistema operativo subyacente con privilegios elevados. Un atacante necesitar\u00eda credenciales del administrador v\u00e1lidas para explotar esta vulnerabilidad. Los switches de MDS 9000 Series Multilayer se ven afectados en versiones anteriores a las 6.2(27), 8.1(1b) y 8.3(1). Los switches de Nexus, en sus series 7000 y 7700, se ven afectados en versiones anteriores a las 6.2(22), 7.3(3)D1(1) y 8.2(3)."
    }
  ],
  "id": "CVE-2019-1608",
  "lastModified": "2024-11-21T04:36:55.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-08T20:29:00.450",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107386"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-42590

Vulnerability from cnvd - Published: 2019-11-28

Title

Cisco NX-OS Software CLI命令注入漏洞

Description

Cisco MDS 9000 Series Multilayer Switches等都是美国思科（Cisco）公司的产品。Cisco MDS 9000 Series Multilayer Switches是一款MDS 9000系列多层交换机。Cisco Nexus 7000 Series Switches是一款7000系列交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。Cisco Nexus 7700 Series Switches是一款7700系列交换机。 Cisco NX-OS Software中的CLI存在命令注入漏洞，该漏洞源于程序未能充分验证传递到CLI命令的参数，本地攻击者可借助恶意的输入利用该漏洞在底层操作系统上执行任意命令。

Severity

高

Patch Name

Cisco NX-OS Software CLI命令注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608 https://www.securityfocus.com/bid/107386

Impacted products

Name
['Cisco Nexus 7000 Series Switches 0', 'Cisco MDS 9000 Series Multilayer Switches <6.2(27)', 'Cisco MDS 9000 Series Multilayer Switches <8.1(1b)', 'Cisco MDS 9000 Series Multilayer Switches <8.3(1)', 'Cisco Nexus 7700 Series Switches <6.2(22)', 'Cisco Nexus 7700 Series Switches <7.3(3)D1(1)', 'Cisco Nexus 7700 Series Switches <8.2(3)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1608"
    }
  },
  "description": "Cisco MDS 9000 Series Multilayer Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco MDS 9000 Series Multilayer Switches\u662f\u4e00\u6b3eMDS 9000\u7cfb\u5217\u591a\u5c42\u4ea4\u6362\u673a\u3002Cisco Nexus 7000 Series Switches\u662f\u4e00\u6b3e7000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002Cisco Nexus 7700 Series Switches\u662f\u4e00\u6b3e7700\u7cfb\u5217\u4ea4\u6362\u673a\u3002\n\nCisco NX-OS Software\u4e2d\u7684CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u4f20\u9012\u5230CLI\u547d\u4ee4\u7684\u53c2\u6570\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42590",
  "openTime": "2019-11-28",
  "patchDescription": "Cisco MDS 9000 Series Multilayer Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco MDS 9000 Series Multilayer Switches\u662f\u4e00\u6b3eMDS 9000\u7cfb\u5217\u591a\u5c42\u4ea4\u6362\u673a\u3002Cisco Nexus 7000 Series Switches\u662f\u4e00\u6b3e7000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002Cisco Nexus 7700 Series Switches\u662f\u4e00\u6b3e7700\u7cfb\u5217\u4ea4\u6362\u673a\u3002\r\n\r\nCisco NX-OS Software\u4e2d\u7684CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u4f20\u9012\u5230CLI\u547d\u4ee4\u7684\u53c2\u6570\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco NX-OS Software CLI\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Nexus 7000 Series Switches 0",
      "Cisco MDS 9000 Series Multilayer Switches \u003c6.2(27)",
      "Cisco MDS 9000 Series Multilayer Switches \u003c8.1(1b)",
      "Cisco MDS 9000 Series Multilayer Switches \u003c8.3(1)",
      "Cisco Nexus 7700 Series Switches \u003c6.2(22)",
      "Cisco Nexus 7700 Series Switches \u003c7.3(3)D1(1)",
      "Cisco Nexus 7700 Series Switches \u003c8.2(3)"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608\r\nhttps://www.securityfocus.com/bid/107386",
  "serverity": "\u9ad8",
  "submitTime": "2019-03-11",
  "title": "Cisco NX-OS Software CLI\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-9P57-W95J-8FJH

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14

Details

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-1608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-88"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-08T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).",
  "id": "GHSA-9p57-w95j-8fjh",
  "modified": "2022-05-13T01:14:56Z",
  "published": "2022-05-13T01:14:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1608"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-1608

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-1608

Aliases

CVE-2019-1608

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-1608",
    "description": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).",
    "id": "GSD-2019-1608"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-1608"
      ],
      "details": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).",
      "id": "GSD-2019-1608",
      "modified": "2023-12-13T01:23:51.570891Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
        "ID": "CVE-2019-1608",
        "STATE": "PUBLIC",
        "TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MDS 9000 Series Multilayer Switches",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "6.2(27)"
                        },
                        {
                          "affected": "\u003c",
                          "version_value": "8.1(1b)"
                        },
                        {
                          "affected": "\u003c",
                          "version_value": "8.3(1)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Nexus 7000 and 7700 Series Switches",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_value": "6.2(22)"
                        },
                        {
                          "affected": "\u003c",
                          "version_value": "7.3(3)D1(1)"
                        },
                        {
                          "affected": "\u003c",
                          "version_value": "8.2(3)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "4.2",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-77"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "107386",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107386"
          },
          {
            "name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-20190306-nxos-cmdinj-1608",
        "defect": [
          [
            "CSCvi01422"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.3\\(1\\)",
                    "versionStartIncluding": "8.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.1\\(1b\\)",
                    "versionStartIncluding": "7.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.2\\(27\\)",
                    "versionStartIncluding": "5.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2\\(3\\)",
                    "versionStartExcluding": "8.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.3\\(3\\)d1\\(1\\)",
                    "versionStartExcluding": "7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "6.2\\(22\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2019-1608"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-88"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
            },
            {
              "name": "107386",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/107386"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-10-05T19:51Z",
      "publishedDate": "2019-03-08T20:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-1608 (GCVE-0-2019-1608)

CVE-2019-1608

CERTFR-2019-AVI-092

Solution

FKIE_CVE-2019-1608

CNVD-2019-42590

GHSA-9P57-W95J-8FJH

GSD-2019-1608

Tags

Sightings

Nomenclature