7.8
CVE-2019-1592
- EPSS 0.23%
- Published 03.05.2019 15:29:00
- Last modified 21.11.2024 04:36:52
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Nx-os Version14.1(0.90)
Cisco ≫ Nexus 9000 Version-
Cisco ≫ Nexus 92160yc-x Version-
Cisco ≫ Nexus 92300yc Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93108tc-fx Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180lc-ex Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 93180yc-fx Version-
Cisco ≫ Nexus 93240yc-fx2 Version-
Cisco ≫ Nexus 9332c Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336c-fx2 Version-
Cisco ≫ Nexus 9336pq Version-
Cisco ≫ Nexus 9348gc-fxp Version-
Cisco ≫ Nexus 9364c Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372px-e Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9372tx-e Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 92160yc-x Version-
Cisco ≫ Nexus 92300yc Version-
Cisco ≫ Nexus 92304qc Version-
Cisco ≫ Nexus 9236c Version-
Cisco ≫ Nexus 9272q Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93108tc-fx Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180lc-ex Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 93180yc-fx Version-
Cisco ≫ Nexus 93240yc-fx2 Version-
Cisco ≫ Nexus 9332c Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336c-fx2 Version-
Cisco ≫ Nexus 9336pq Version-
Cisco ≫ Nexus 9348gc-fxp Version-
Cisco ≫ Nexus 9364c Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372px-e Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9372tx-e Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9508 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.431 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.