4.3
CVE-2019-1587
- EPSS 0.39%
- Published 03.05.2019 15:29:00
- Last modified 21.11.2024 04:36:51
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Nx-os Version8.3(0)sk(0.39)
Cisco ≫ Nexus 9000 Version-
Cisco ≫ Nexus 92160yc-x Version-
Cisco ≫ Nexus 92300yc Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93108tc-fx Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180lc-ex Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 93180yc-fx Version-
Cisco ≫ Nexus 93240yc-fx2 Version-
Cisco ≫ Nexus 9332c Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336c-fx2 Version-
Cisco ≫ Nexus 9336pq Version-
Cisco ≫ Nexus 9348gc-fxp Version-
Cisco ≫ Nexus 9364c Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372px-e Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9372tx-e Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 92160yc-x Version-
Cisco ≫ Nexus 92300yc Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93108tc-fx Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180lc-ex Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 93180yc-fx Version-
Cisco ≫ Nexus 93240yc-fx2 Version-
Cisco ≫ Nexus 9332c Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336c-fx2 Version-
Cisco ≫ Nexus 9336pq Version-
Cisco ≫ Nexus 9348gc-fxp Version-
Cisco ≫ Nexus 9364c Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372px-e Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9372tx-e Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9508 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.572 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| psirt@cisco.com | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.