Vulnerabilites related to cisco - ns-ox
var-201905-0507
Vulnerability from variot
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Cisco NX-OS The software includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to a local command-injection vulnerability. This issue is being tracked by Cisco Bug IDs CSCvh75867, CSCvh75958, CSCvi92239, CSCvi92240, CSCvi92242, CSCvi92243 and CSCvk36294
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(3\\)f3\\(5\\)"
},
{
"model": "ns-ox",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "ns-ox",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(3\\)"
},
{
"model": "ns-ox",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(3\\)"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(3\\)i7\\(4\\)"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3\\(3\\)d1\\(1\\)"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3\\(1\\)"
},
{
"model": "ns-ox",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(3\\)i4"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2\\)a8\\(11\\)"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(3\\)i4\\(9\\)"
},
{
"model": "ns-ox",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(3\\)i7"
},
{
"model": "ns-ox",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.2\\(1\\)sm3\\(2.1\\)"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2\\(22\\)"
},
{
"model": "ns-ox",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3\\(4\\)n1\\(1\\)"
},
{
"model": "ns-ox",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "nx-os",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "nx-os 7.0 i7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os 7.0 i4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(3)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "nx-os 6.0 a8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "nexus r-series switching platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "95000"
},
{
"model": "nexus series switches standalone nx-os mode",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000-0"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "77000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "nexus platform switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "56000"
},
{
"model": "nexus platform switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55000"
},
{
"model": "nexus platform switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "36000"
},
{
"model": "nexus platform switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "35000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "nexus switch for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000v0"
},
{
"model": "nexus switch for microsoft hyper-v",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000v0"
},
{
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.3(1)"
},
{
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2(3)"
},
{
"model": "nx-os 7.3 n1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os 7.3 d1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os 7.0 i7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os 7.0 i4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os 7.0 f3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(22)"
},
{
"model": "nx-os 6.0 a8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os 5.2 sv3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os 5.2 sm3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "108376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:nx-os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "108376"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1770",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2019-1770",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.8,
"id": "CVE-2019-1770",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1770",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1770",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1770",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1770",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-658",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
},
{
"db": "NVD",
"id": "CVE-2019-1770"
},
{
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Cisco NX-OS The software includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to a local command-injection vulnerability. \nThis issue is being tracked by Cisco Bug IDs CSCvh75867, CSCvh75958, CSCvi92239, CSCvi92240, CSCvi92242, CSCvi92243 and CSCvk36294",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1770"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "BID",
"id": "108376"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1770",
"trust": 2.7
},
{
"db": "BID",
"id": "108376",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004663",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1759.4",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1759.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1759.5",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "108376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
},
{
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"id": "VAR-201905-0507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.562777678
},
"last_update_date": "2024-11-23T21:52:18.075000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190515-nxos-cmdinj-1770",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
},
{
"title": "Cisco NX-OS Software Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92783"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/108376"
},
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1770"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1770"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-snmp-dos"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-info"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-conf-bypass"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1795"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1759.5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1759.4/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1759.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/81118"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-nx-os-shell-command-execution-via-cli-29336"
}
],
"sources": [
{
"db": "BID",
"id": "108376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
},
{
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "108376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
},
{
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "BID",
"id": "108376"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"date": "2019-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-658"
},
{
"date": "2019-05-15T20:29:00.820000",
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "BID",
"id": "108376"
},
{
"date": "2019-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004663"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-658"
},
{
"date": "2024-11-21T04:37:20.330000",
"db": "NVD",
"id": "CVE-2019-1770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "108376"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco NX-OS In software OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004663"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-658"
}
],
"trust": 0.6
}
}
cve-2019-1770
Vulnerability from cvelistv5
Published
2019-05-15 19:20
Modified
2024-11-21 19:26
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770 | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/108376 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Version: unspecified < n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
},
{
"name": "108376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108376"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:58:35.875706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:26:34.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:06:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
},
{
"name": "108376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108376"
}
],
"source": {
"advisory": "cisco-sa-20190515-nxos-cmdinj-1770",
"defect": [
[
"CSCvh75867",
"CSCvh75958",
"CSCvi92239",
"CSCvi92240",
"CSCvi92242",
"CSCvi92243",
"CSCvk36294"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco NX-OS Software Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-05-15T16:00:00-0700",
"ID": "CVE-2019-1770",
"STATE": "PUBLIC",
"TITLE": "Cisco NX-OS Software Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco NX-OS Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.2",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190515 Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1770)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
},
{
"name": "108376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108376"
}
]
},
"source": {
"advisory": "cisco-sa-20190515-nxos-cmdinj-1770",
"defect": [
[
"CSCvh75867",
"CSCvh75958",
"CSCvi92239",
"CSCvi92240",
"CSCvi92242",
"CSCvi92243",
"CSCvk36294"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1770",
"datePublished": "2019-05-15T19:20:25.203583Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-21T19:26:34.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-05-15 20:29
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/108376 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108376 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02234F49-3DB6-41C8-AF3C-3B26329CB310",
"versionEndExcluding": "5.2\\(1\\)sm3\\(2.1\\)",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:hyper-v:*:*",
"matchCriteriaId": "69E1B4D2-4200-4C05-9E64-57A18823AF38",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "9A5FFC5B-6F90-4E8F-9AE2-B4DA4C7A144B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "237CF768-CEE5-47C1-898C-B8E8E3580DB8",
"versionEndExcluding": "7.0\\(3\\)i4\\(9\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C8E561-80F3-45B6-B268-1252A26D9805",
"versionEndExcluding": "7.0\\(3\\)i7\\(4\\)",
"versionStartIncluding": "7.0\\(3\\)i7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E88418C-0BC4-4D90-A14D-0B89F8399AA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB93AD1-B5DD-4A69-B1A3-3F163BD2D8BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19F88FB2-1A75-4166-A4F5-039D67EAA1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01B0559-5632-4658-AA3A-221DD28D963F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "082A5A44-DC9A-4B48-8F28-1D0EC7F82410",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19BCB669-5CC8-4C67-B34C-3F5ADDD4C232",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E693D2-F1D5-4D22-885B-AE853221ABA9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C63F63AD-94EC-4A6D-92AF-7FBF6275746A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "490EAB88-A0F3-4A88-9A81-B414CE78B34B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9CE53D-E8B7-46CD-9B8B-C746A2524BA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6782DA1-5568-410D-86E6-2C2B909693DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04A26215-DEB3-4337-AFE0-5E23C760060D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F7177-147E-47C0-ADFB-4CD0768D52CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06A72F9F-773A-463D-8BEB-6B316DF21CFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC94E7D-84AF-4D2A-85A7-264CED2D107B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0082AD-1EFB-4AFE-9974-EAAB926553F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFAAE41-AD17-4F69-9029-8DD90D824E6F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E142C18F-9FB5-4D96-866A-141D7D16CAF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFC116A-627F-4E05-B631-651D161217C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E505C0B1-2119-4C6A-BF96-C282C633D169",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "915EF8F6-6039-4DD0-B875-30D911752B74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB270C45-756E-400A-979F-D07D750C881A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A085C-2DBA-4269-AB01-B16019FBB4DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A79DD582-AF68-44F1-B640-766B46EF2BE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90F30A43-9E4F-4A03-8060-A38B0925DBD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD19DD7B-8B97-44CA-BFA0-987F6C63F983",
"versionEndExcluding": "6.0\\(2\\)a8\\(11\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "557728BA-F4A1-45B3-9535-9502CBFFE7BB",
"versionEndExcluding": "7.0\\(3\\)i4\\(9\\)",
"versionStartIncluding": "7.0\\(3\\)i4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C8E561-80F3-45B6-B268-1252A26D9805",
"versionEndExcluding": "7.0\\(3\\)i7\\(4\\)",
"versionStartIncluding": "7.0\\(3\\)i7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E505C0B1-2119-4C6A-BF96-C282C633D169",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "915EF8F6-6039-4DD0-B875-30D911752B74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4D8DC0-5166-4BC2-AE00-01B7761C78D8",
"versionEndExcluding": "7.0\\(3\\)f3\\(5\\)",
"versionStartIncluding": "7.0\\(3\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "148AC30B-2B43-49C9-A60A-68F4078909FF",
"versionEndExcluding": "7.3\\(4\\)n1\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7F5823-41A8-47C8-A154-02C6C31EF76A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B129B2-2B31-4DE0-9F83-CC6E0C8729A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD3CD0-B542-4B23-9C9D-061643BE44E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "367C2A49-4C4D-471B-9B34-AFAFA5AE9503",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F557E38-09F6-42C6-BABA-3C3168B38BBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C88689B-C4CA-4EDD-BA94-4C549F4FE96C",
"versionEndExcluding": "6.2\\(22\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06EEC72D-4A0C-4936-AA99-E063575C145A",
"versionEndExcluding": "7.3\\(3\\)d1\\(1\\)",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED30202-4B2A-466F-B184-302330B1666C",
"versionEndExcluding": "8.2\\(3\\)",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ns-ox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCBC8BC-9242-4BE9-9B6A-FB92AD64E6CA",
"versionEndExcluding": "8.3\\(1\\)",
"versionStartIncluding": "8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:7000_10-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489A59F2-D44D-44ED-844C-E0EF83A23C4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:7000_18-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79689D81-D8F0-4FB1-9B8F-62407474A042",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:7000_4-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBA5F539-E8AC-44B5-9E9C-2E35F6CAA22E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:7000_9-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E7A7E-7111-4C89-8EBD-080B0A3E069C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:7700_10-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADCDCAC9-30F2-4EE3-9D02-5AA8BA6A1E99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:7700_18-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "610E21F4-8188-4B5E-A80F-CFE0F2B9D8A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:7700_2-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83003054-E458-4405-BA7F-A5EA415D296A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:7700_6-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610AAC-D1FE-44A8-9925-31F1CCA8AFEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-f312ck-26:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F58B1C42-9150-48C9-9203-A2466FC61261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-f324fq-25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD5DA69-09D9-436A-8FC1-A46626DE2789",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-f348xp-23:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A9CD4D-4659-402D-BDF8-E5EF86449641",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-f430cq-36:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9DC24E-6B6E-496C-8D8C-09B197B0A77E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-m312cq-26l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFA9BC1-3386-4AAE-A1B6-D81761D3EA9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-m324fq-25l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D753638-4BE8-4BF5-A083-F8360003869D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n77-m348xp-23l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6AC35C-29B2-42C7-862D-D9AC3461D8D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-f248xp-25e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FD83D1-8ECB-4DB8-A6E0-2F795F83B4CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-f306ck-25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B875911-E742-427B-AE07-C8A5955DEA62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-f312fq-25:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0C6431-8EB1-4F69-AF28-8F5C55348AF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-m202cf-22l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCA5EC7-9F36-4473-B0DF-4F0F9C680F10",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-m206fq-23l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0E31D5-9F1D-46EC-824F-352A0098944B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-m224xp-23l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD0767-C42B-4BAC-B90C-F4412B661D7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-m324fq-25l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6BF05BA-E0CC-45D6-963F-27F0BD7B3C4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:n7k-m348xp-25l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D409BDF3-9F35-4D94-9DF0-7B58A519A005",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_7000_supervisor_1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "993AFE99-DFC3-4D92-90C8-D3A6495547BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_7000_supervisor_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7453E0FA-B05D-4888-AFB0-8FE8B8040DFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_7000_supervisor_2e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108DB6B5-CB29-477F-84FC-52116F295878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_7700_supervisor_2e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBB9435-1CD4-469E-BF16-AD98ADC99AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_7700_supervisor_3e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42ABB93D-2C3A-4029-B545-B638B6C7788E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI del programa NX-OS de Cisco podr\u00eda permitir a un atacante local autenticado realizar comandos arbitrarios sobre el sistema operativo Linux subyacente con el nivel de privilegio de ra\u00edz. La vulnerabilidad es debido a una insuficiente validaci\u00f3n de los argumentos pasados ??a un comando CLI espec\u00edfico en el dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad al incluir una entrada maliciosa como el argumento de un comando afectado. Un aprovechamiento exitoso podr\u00eda permitir al atacante realizar comandos arbitrarios sobre el sistema operativo Linux subyacente con elevados privilegios . Un atacante necesitar\u00eda credenciales de administrador v\u00e1lidas para aprovechar esta vulnerabilidad."
}
],
"id": "CVE-2019-1770",
"lastModified": "2024-11-21T04:37:20.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-15T20:29:00.820",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108376"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1770"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}