7.2

CVE-2019-12662

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xe Version16.8.1
CiscoNx-os Version8.1(0.2)s0
   CiscoMds 9000 Version-
CiscoNx-os Version8.1(1)
   CiscoMds 9000 Version-
CiscoNx-os Version8.1(1)s5
   CiscoMds 9000 Version-
CiscoNx-os Version8.1(0)bd(0.20)
   CiscoNexus 9000v Version-
   CiscoNexus 92160yc-x Version-
   CiscoNexus 92300yc Version-
   CiscoNexus 92304qc Version-
   CiscoNexus 92348gc-x Version-
   CiscoNexus 9236c Version-
   CiscoNexus 9272q Version-
   CiscoNexus 93108tc-ex Version-
   CiscoNexus 93108tc-fx Version-
   CiscoNexus 93120tx Version-
   CiscoNexus 93128tx Version-
   CiscoNexus 93180lc-ex Version-
   CiscoNexus 93180yc-ex Version-
   CiscoNexus 93180yc-fx Version-
   CiscoNexus 93216tc-fx2 Version-
   CiscoNexus 93240yc-fx2 Version-
   CiscoNexus 9332c Version-
   CiscoNexus 9332pq Version-
   CiscoNexus 93360yc-fx2 Version-
   CiscoNexus 9336c-fx2 Version-
   CiscoNexus 9336pq Aci Spine Version-
   CiscoNexus 9348gc-fxp Version-
   CiscoNexus 9364c Version-
   CiscoNexus 9372px Version-
   CiscoNexus 9372px-e Version-
   CiscoNexus 9372tx Version-
   CiscoNexus 9372tx-e Version-
   CiscoNexus 9396px Version-
   CiscoNexus 9396tx Version-
   CiscoNexus 9504 Version-
   CiscoNexus 9508 Version-
   CiscoNexus 9516 Version-
CiscoNexus 3016 Firmware Version-
   CiscoNexus 3016 Version-
CiscoNexus 3048 Firmware Version-
   CiscoNexus 3048 Version-
CiscoNexus 3064 Firmware Version-
   CiscoNexus 3064 Version-
CiscoNexus 3064-t Firmware Version-
   CiscoNexus 3064-t Version-
CiscoNexus 31108pc-v Firmware Version-
   CiscoNexus 31108pc-v Version-
CiscoNexus 31108tc-v Firmware Version-
   CiscoNexus 31108tc-v Version-
CiscoNexus 31128pq Firmware Version-
   CiscoNexus 31128pq Version-
CiscoNexus 3132c-z Firmware Version-
   CiscoNexus 3132c-z Version-
CiscoNexus 3132q Firmware Version-
   CiscoNexus 3132q Version-
CiscoNexus 3132q-v Firmware Version-
   CiscoNexus 3132q-v Version-
CiscoNexus 3132q-xl Firmware Version-
   CiscoNexus 3132q-xl Version-
CiscoNexus 3164q Firmware Version-
   CiscoNexus 3164q Version-
CiscoNexus 3172 Firmware Version-
   CiscoNexus 3172 Version-
CiscoNexus 3172pq-xl Firmware Version-
   CiscoNexus 3172pq-xl Version-
CiscoNexus 3172tq Firmware Version-
   CiscoNexus 3172tq Version-
CiscoNexus 3172tq-32t Firmware Version-
   CiscoNexus 3172tq-32t Version-
CiscoNexus 3172tq-xl Firmware Version-
   CiscoNexus 3172tq-xl Version-
CiscoNexus 3232c Firmware Version-
   CiscoNexus 3232c Version-
CiscoNexus 3264c-e Firmware Version-
   CiscoNexus 3264c-e Version-
CiscoNexus 3264q Firmware Version-
   CiscoNexus 3264q Version-
CiscoNexus 3408-s Firmware Version-
   CiscoNexus 3408-s Version-
CiscoNexus 34180yc Firmware Version-
   CiscoNexus 34180yc Version-
CiscoNexus 34200yc-sm Firmware Version-
   CiscoNexus 34200yc-sm Version-
CiscoNexus 3432d-s Firmware Version-
   CiscoNexus 3432d-s Version-
CiscoNexus 3464c Firmware Version-
   CiscoNexus 3464c Version-
CiscoNexus 3524 Firmware Version-
   CiscoNexus 3524 Version-
CiscoNexus 3524-x Firmware Version-
   CiscoNexus 3524-x Version-
CiscoNexus 3524-xl Firmware Version-
   CiscoNexus 3524-xl Version-
CiscoNexus 3548 Firmware Version-
   CiscoNexus 3548 Version-
CiscoNexus 3548-x Firmware Version-
   CiscoNexus 3548-x Version-
CiscoNexus 3548-xl Firmware Version-
   CiscoNexus 3548-xl Version-
CiscoNexus 5548p Firmware Version-
   CiscoNexus 5548p Version-
CiscoNexus 5548up Firmware Version-
   CiscoNexus 5548up Version-
CiscoNexus 5596t Firmware Version-
   CiscoNexus 5596t Version-
CiscoNexus 5596up Firmware Version-
   CiscoNexus 5596up Version-
CiscoNexus 56128p Firmware Version-
   CiscoNexus 56128p Version-
CiscoNexus 5624q Firmware Version-
   CiscoNexus 5624q Version-
CiscoNexus 5648q Firmware Version-
   CiscoNexus 5648q Version-
CiscoNexus 5672up Firmware Version-
   CiscoNexus 5672up Version-
CiscoNexus 5696q Firmware Version-
   CiscoNexus 5696q Version-
CiscoNexus 6001 Firmware Version-
   CiscoNexus 6001 Version-
CiscoNexus 6004 Firmware Version-
   CiscoNexus 6004 Version-
CiscoNexus 7000 10-slot Firmware Version-
   CiscoNexus 7000 10-slot Version-
CiscoNexus 7000 18-slot Firmware Version-
   CiscoNexus 7000 18-slot Version-
CiscoNexus 7000 4-slot Firmware Version-
   CiscoNexus 7000 4-slot Version-
CiscoNexus 7000 9-slot Firmware Version-
   CiscoNexus 7000 9-slot Version-
CiscoNexus 7700 10-slot Firmware Version-
   CiscoNexus 7700 10-slot Version-
CiscoNexus 7700 18-slot Firmware Version-
   CiscoNexus 7700 18-slot Version-
CiscoNexus 7700 2-slot Firmware Version-
   CiscoNexus 7700 2-slot Version-
CiscoNexus 7700 6-slot Firmware Version-
   CiscoNexus 7700 6-slot Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.084
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com 6.7 0.8 5.9
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.