CVE-2019-1734

EPSS 0.2%
Veröffentlicht 05.11.2019 20:15:11
Zuletzt bearbeitet 21.11.2024 04:37:12
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Extensible Operating System Version < 2.2.2.91

   Cisco ≫ Firepower 4110 Version-
   Cisco ≫ Firepower 4112 Version-
   Cisco ≫ Firepower 4115 Version-
   Cisco ≫ Firepower 4120 Version-
   Cisco ≫ Firepower 4125 Version-
   Cisco ≫ Firepower 4140 Version-
   Cisco ≫ Firepower 4145 Version-
   Cisco ≫ Firepower 4150 Version-
   Cisco ≫ Firepower 9300 Version-

Cisco ≫ Firepower Extensible Operating System Version >= 2.3 < 2.3.1.111

Cisco ≫ Firepower Extensible Operating System Version >= 2.4 < 2.4.1.101

Cisco ≫ Nx-os Version < 6.2\(7\)

   Cisco ≫ Mds 9100 Version-
   Cisco ≫ Mds 9200 Version-
   Cisco ≫ Mds 9500 Version-
   Cisco ≫ Mds 9700 Version-

Cisco ≫ Nx-os Version < 7.0\(3\)i4\(9\)

   Cisco ≫ Nexus 3016 Version-
   Cisco ≫ Nexus 3048 Version-
   Cisco ≫ Nexus 3064 Version-
   Cisco ≫ Nexus 3064-t Version-
   Cisco ≫ Nexus 31108pc-v Version-
   Cisco ≫ Nexus 31108tc-v Version-
   Cisco ≫ Nexus 31128pq Version-
   Cisco ≫ Nexus 3132c-z Version-
   Cisco ≫ Nexus 3132q Version-
   Cisco ≫ Nexus 3132q-v Version-
   Cisco ≫ Nexus 3132q-xl Version-
   Cisco ≫ Nexus 3164q Version-
   Cisco ≫ Nexus 3172 Version-
   Cisco ≫ Nexus 3172pq-xl Version-
   Cisco ≫ Nexus 3172tq Version-
   Cisco ≫ Nexus 3172tq-32t Version-
   Cisco ≫ Nexus 3172tq-xl Version-
   Cisco ≫ Nexus 3232c Version-
   Cisco ≫ Nexus 3264c-e Version-
   Cisco ≫ Nexus 3264q Version-
   Cisco ≫ Nexus 3408-s Version-
   Cisco ≫ Nexus 34180yc Version-
   Cisco ≫ Nexus 3432d-s Version-
   Cisco ≫ Nexus 3464c Version-
   Cisco ≫ Nexus 9000v Version-
   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92300yc Version-
   Cisco ≫ Nexus 92304qc Version-
   Cisco ≫ Nexus 92348gc-x Version-
   Cisco ≫ Nexus 9236c Version-
   Cisco ≫ Nexus 9272q Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93108tc-fx Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 93128tx Version-
   Cisco ≫ Nexus 93180lc-ex Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 93180yc-fx Version-
   Cisco ≫ Nexus 93216tc-fx2 Version-
   Cisco ≫ Nexus 93240yc-fx2 Version-
   Cisco ≫ Nexus 9332c Version-
   Cisco ≫ Nexus 9332pq Version-
   Cisco ≫ Nexus 93360yc-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2 Version-
   Cisco ≫ Nexus 9336pq Aci Spine Version-
   Cisco ≫ Nexus 9348gc-fxp Version-
   Cisco ≫ Nexus 9364c Version-
   Cisco ≫ Nexus 9372px Version-
   Cisco ≫ Nexus 9372px-e Version-
   Cisco ≫ Nexus 9372tx Version-
   Cisco ≫ Nexus 9372tx-e Version-
   Cisco ≫ Nexus 9396px Version-
   Cisco ≫ Nexus 9396tx Version-

Cisco ≫ Nx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(6\)

Cisco ≫ Nx-os Version < 6.0\(2\)a4\(1\)

   Cisco ≫ Nexus 3524 Version-
   Cisco ≫ Nexus 3524-x Version-
   Cisco ≫ Nexus 3524-xl Version-
   Cisco ≫ Nexus 3548 Version-
   Cisco ≫ Nexus 3548-x Version-
   Cisco ≫ Nexus 3548-xl Version-

Cisco ≫ Nx-os Version >= 7.0\(3\)i4 < 7.0\(3\)i4\(9\)

Cisco ≫ Nx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(6\)

Cisco ≫ Nx-os Version >= 7.0\(3\) < 7.0\(3\)f3\(5\)

   Cisco ≫ Nexus 36180yc-r Version-
   Cisco ≫ Nexus 3636c-r Version-
   Cisco ≫ Nexus 9504 Version-
   Cisco ≫ Nexus 9508 Version-
   Cisco ≫ Nexus 9516 Version-

Cisco ≫ Nx-os Version < 7.1\(4\)n1\(1\)

   Cisco ≫ Nexus 5548p Version-
   Cisco ≫ Nexus 5548up Version-
   Cisco ≫ Nexus 5596t Version-
   Cisco ≫ Nexus 5596up Version-
   Cisco ≫ Nexus 56128p Version-
   Cisco ≫ Nexus 5624q Version-
   Cisco ≫ Nexus 5648q Version-
   Cisco ≫ Nexus 5672up Version-
   Cisco ≫ Nexus 5696q Version-
   Cisco ≫ Nexus 6001 Version-
   Cisco ≫ Nexus 6004 Version-

Cisco ≫ Nx-os Version >= 7.2 < 7.3\(0\)n1\(1\)

Cisco ≫ Nx-os Version < 6.2\(6\)

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version < 4.0\(1a\)

Cisco ≫ Ucs 6200 Version-
Cisco ≫ Ucs 6300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.391

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1734

EUVD