7.8
CVE-2019-1585
- EPSS 0.19%
- Published 06.03.2019 21:29:00
- Last modified 21.11.2024 04:36:51
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This Vulnerability has been fixed in version 4.0(1h)
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Nx-os Version8.3(0)sk(0.39)
Cisco ≫ Nexus 92160yc-x Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336pq Aci Spine Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9500 Version-
Cisco ≫ Nexus 9504 Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 9516 Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336pq Aci Spine Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9500 Version-
Cisco ≫ Nexus 9504 Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 9516 Version-
Cisco ≫ Application Policy Infrastructure Controller Software Version <= 4.0\(1h\)
Cisco ≫ Nexus 92160yc-x Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336pq Aci Spine Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9500 Version-
Cisco ≫ Nexus 9504 Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 9516 Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336pq Aci Spine Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9500 Version-
Cisco ≫ Nexus 9504 Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 9516 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.374 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 6.7 | 0.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|