cnvd-2019-42596
Vulnerability from cnvd
Title
Cisco NX-OS和Cisco IOS XE数据伪造问题漏洞
Description
Cisco NX-OS Software和IOS XE都是美国思科(Cisco)公司的产品。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。IOS XE是一套为其网络设备开发的操作系统。 Cisco NX-OS和Cisco IOS XE中存在数据伪造问题漏洞,该漏洞源于在安装Open Virtual Appliance (OVA)镜像过程中,程序未能进行正确的签名验证,本地攻击者可利用该漏洞加载恶意未签名的OVA镜像。
Severity
Patch Name
Cisco NX-OS和Cisco IOS XE数据伪造问题漏洞的补丁
Patch Description
Cisco NX-OS Software和IOS XE都是美国思科(Cisco)公司的产品。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。IOS XE是一套为其网络设备开发的操作系统。 Cisco NX-OS和Cisco IOS XE中存在数据伪造问题漏洞,该漏洞源于在安装Open Virtual Appliance (OVA)镜像过程中,程序未能进行正确的签名验证,本地攻击者可利用该漏洞加载恶意未签名的OVA镜像。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman

Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-12662
Impacted products
Name
['Cisco Nexus 3000 Series Switche', 'Cisco Nexus 6000 Series Switches', 'Cisco Nexus 7700 Series Switches', 'Cisco Nexus 5600 Platform Switches', 'Cisco Nexus 5500 Platform Switches', 'Cisco Nexus 3500 Platform Switches', 'Cisco Nexus 7000 Series Switches 0', 'Cisco Nexus 9500 R-Series Switching Platform', 'Cisco Nexus 9000 Series Switches in standalone NX-OS mode']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12662",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-12662"
    }
  },
  "description": "Cisco NX-OS Software\u548cIOS XE\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002IOS XE\u662f\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco NX-OS\u548cCisco IOS XE\u4e2d\u5b58\u5728\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5b89\u88c5Open Virtual Appliance (OVA)\u955c\u50cf\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u672a\u80fd\u8fdb\u884c\u6b63\u786e\u7684\u7b7e\u540d\u9a8c\u8bc1\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52a0\u8f7d\u6076\u610f\u672a\u7b7e\u540d\u7684OVA\u955c\u50cf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42596",
  "openTime": "2019-11-28",
  "patchDescription": "Cisco NX-OS Software\u548cIOS XE\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002IOS XE\u662f\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco NX-OS\u548cCisco IOS XE\u4e2d\u5b58\u5728\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5b89\u88c5Open Virtual Appliance (OVA)\u955c\u50cf\u8fc7\u7a0b\u4e2d\uff0c\u7a0b\u5e8f\u672a\u80fd\u8fdb\u884c\u6b63\u786e\u7684\u7b7e\u540d\u9a8c\u8bc1\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52a0\u8f7d\u6076\u610f\u672a\u7b7e\u540d\u7684OVA\u955c\u50cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco NX-OS\u548cCisco IOS XE\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Nexus 3000 Series Switche",
      "Cisco Nexus 6000 Series Switches",
      "Cisco Nexus 7700 Series Switches",
      "Cisco Nexus 5600 Platform Switches",
      "Cisco Nexus 5500 Platform Switches",
      "Cisco Nexus 3500 Platform Switches",
      "Cisco Nexus 7000 Series Switches 0",
      "Cisco Nexus 9500 R-Series Switching Platform",
      "Cisco Nexus 9000 Series Switches in standalone NX-OS mode"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-12662",
  "serverity": "\u9ad8",
  "submitTime": "2019-09-26",
  "title": "Cisco NX-OS\u548cCisco IOS XE\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.