7.2

CVE-2019-1780

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. NX-OS versions prior to 8.3(1) are affected.

Data is provided by the National Vulnerability Database (NVD)
CiscoNx-os Version >= 5.2 < 6.2\(25\)
   CiscoMds 9000 Version-
   CiscoMds 9100 Version-
   CiscoMds 9200 Version-
   CiscoMds 9500 Version-
   CiscoMds 9700 Version-
CiscoNx-os Version >= 7.3 < 8.1\(1b\)
   CiscoMds 9000 Version-
   CiscoMds 9100 Version-
   CiscoMds 9200 Version-
   CiscoMds 9500 Version-
   CiscoMds 9700 Version-
CiscoNx-os Version >= 8.2 < 8.3\(1\)
   CiscoMds 9000 Version-
   CiscoMds 9100 Version-
   CiscoMds 9200 Version-
   CiscoMds 9500 Version-
   CiscoMds 9700 Version-
CiscoNx-os Version < 7.0\(3\)i4\(9\)
   CiscoNexus 3016 Version-
   CiscoNexus 3048 Version-
   CiscoNexus 3064 Version-
   CiscoNexus 3064-t Version-
   CiscoNexus 31108pc-v Version-
   CiscoNexus 31108tc-v Version-
   CiscoNexus 31128pq Version-
   CiscoNexus 3132c-z Version-
   CiscoNexus 3132q Version-
   CiscoNexus 3132q-v Version-
   CiscoNexus 3132q-xl Version-
   CiscoNexus 3164q Version-
   CiscoNexus 3172 Version-
   CiscoNexus 3172pq-xl Version-
   CiscoNexus 3172tq Version-
   CiscoNexus 3172tq-32t Version-
   CiscoNexus 3172tq-xl Version-
   CiscoNexus 3232c Version-
   CiscoNexus 3264c-e Version-
   CiscoNexus 3264q Version-
   CiscoNexus 3408-s Version-
   CiscoNexus 34180yc Version-
   CiscoNexus 3432d-s Version-
   CiscoNexus 3464c Version-
   CiscoNexus 9000v Version-
   CiscoNexus 92160yc-x Version-
   CiscoNexus 92300yc Version-
   CiscoNexus 92304qc Version-
   CiscoNexus 92348gc-x Version-
   CiscoNexus 9236c Version-
   CiscoNexus 9272q Version-
   CiscoNexus 93108tc-ex Version-
   CiscoNexus 93108tc-fx Version-
   CiscoNexus 93120tx Version-
   CiscoNexus 93128tx Version-
   CiscoNexus 93180lc-ex Version-
   CiscoNexus 93180yc-ex Version-
   CiscoNexus 93180yc-fx Version-
   CiscoNexus 93216tc-fx2 Version-
   CiscoNexus 93240yc-fx2 Version-
   CiscoNexus 9332c Version-
   CiscoNexus 9332pq Version-
   CiscoNexus 93360yc-fx2 Version-
   CiscoNexus 9336c-fx2 Version-
   CiscoNexus 9336pq Aci Spine Version-
   CiscoNexus 9348gc-fxp Version-
   CiscoNexus 9364c Version-
   CiscoNexus 9372px Version-
   CiscoNexus 9372px-e Version-
   CiscoNexus 9372tx Version-
   CiscoNexus 9372tx-e Version-
   CiscoNexus 9396px Version-
   CiscoNexus 9396tx Version-
CiscoNx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)
   CiscoNexus 3016 Version-
   CiscoNexus 3048 Version-
   CiscoNexus 3064 Version-
   CiscoNexus 3064-t Version-
   CiscoNexus 31108pc-v Version-
   CiscoNexus 31108tc-v Version-
   CiscoNexus 31128pq Version-
   CiscoNexus 3132c-z Version-
   CiscoNexus 3132q Version-
   CiscoNexus 3132q-v Version-
   CiscoNexus 3132q-xl Version-
   CiscoNexus 3164q Version-
   CiscoNexus 3172 Version-
   CiscoNexus 3172pq-xl Version-
   CiscoNexus 3172tq Version-
   CiscoNexus 3172tq-32t Version-
   CiscoNexus 3172tq-xl Version-
   CiscoNexus 3232c Version-
   CiscoNexus 3264c-e Version-
   CiscoNexus 3264q Version-
   CiscoNexus 3408-s Version-
   CiscoNexus 34180yc Version-
   CiscoNexus 3432d-s Version-
   CiscoNexus 3464c Version-
   CiscoNexus 9000v Version-
   CiscoNexus 92160yc-x Version-
   CiscoNexus 92300yc Version-
   CiscoNexus 92304qc Version-
   CiscoNexus 92348gc-x Version-
   CiscoNexus 9236c Version-
   CiscoNexus 9272q Version-
   CiscoNexus 93108tc-ex Version-
   CiscoNexus 93108tc-fx Version-
   CiscoNexus 93120tx Version-
   CiscoNexus 93128tx Version-
   CiscoNexus 93180lc-ex Version-
   CiscoNexus 93180yc-ex Version-
   CiscoNexus 93180yc-fx Version-
   CiscoNexus 93216tc-fx2 Version-
   CiscoNexus 93240yc-fx2 Version-
   CiscoNexus 9332c Version-
   CiscoNexus 9332pq Version-
   CiscoNexus 93360yc-fx2 Version-
   CiscoNexus 9336c-fx2 Version-
   CiscoNexus 9336pq Aci Spine Version-
   CiscoNexus 9348gc-fxp Version-
   CiscoNexus 9364c Version-
   CiscoNexus 9372px Version-
   CiscoNexus 9372px-e Version-
   CiscoNexus 9372tx Version-
   CiscoNexus 9372tx-e Version-
   CiscoNexus 9396px Version-
   CiscoNexus 9396tx Version-
CiscoNx-os Version < 6.0\(2\)a8\(11\)
   CiscoNexus 3524 Version-
   CiscoNexus 3524-x Version-
   CiscoNexus 3524-xl Version-
   CiscoNexus 3548 Version-
   CiscoNexus 3548-x Version-
   CiscoNexus 3548-xl Version-
CiscoNx-os Version >= 7.0\(3\)i4 < 7.0\(3\)i4\(9\)
   CiscoNexus 3524 Version-
   CiscoNexus 3524-x Version-
   CiscoNexus 3524-xl Version-
   CiscoNexus 3548 Version-
   CiscoNexus 3548-x Version-
   CiscoNexus 3548-xl Version-
CiscoNx-os Version >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)
   CiscoNexus 3524 Version-
   CiscoNexus 3524-x Version-
   CiscoNexus 3524-xl Version-
   CiscoNexus 3548 Version-
   CiscoNexus 3548-x Version-
   CiscoNexus 3548-xl Version-
CiscoNx-os Version < 7.3\(3\)n1\(1\)
   CiscoNexus 5548p Version-
   CiscoNexus 5548up Version-
   CiscoNexus 5596t Version-
   CiscoNexus 5596up Version-
   CiscoNexus 56128p Version-
   CiscoNexus 5624q Version-
   CiscoNexus 5648q Version-
   CiscoNexus 5672up Version-
   CiscoNexus 5696q Version-
   CiscoNexus 6001 Version-
   CiscoNexus 6004 Version-
CiscoNx-os Version < 6.2\(22\)
   CiscoNexus 7000 Version-
   CiscoNexus 7700 Version-
CiscoNx-os Version >= 7.2 < 7.3\(3\)d1\(1\)
   CiscoNexus 7000 Version-
   CiscoNexus 7700 Version-
CiscoNx-os Version >= 8.0 < 8.2\(3\)
   CiscoNexus 7000 Version-
   CiscoNexus 7700 Version-
CiscoNx-os Version >= 8.3 < 8.3\(1\)
   CiscoNexus 7000 Version-
   CiscoNexus 7700 Version-
CiscoFirepower Extensible Operating System Version < 2.3.1.130
   CiscoFirepower 4110 Version-
   CiscoFirepower 4115 Version-
   CiscoFirepower 4120 Version-
   CiscoFirepower 4125 Version-
   CiscoFirepower 4140 Version-
   CiscoFirepower 4145 Version-
   CiscoFirepower 4150 Version-
   CiscoFirepower 9300 Version-
CiscoFirepower Extensible Operating System Version >= 2.4 < 2.4.1.122
   CiscoFirepower 4110 Version-
   CiscoFirepower 4115 Version-
   CiscoFirepower 4120 Version-
   CiscoFirepower 4125 Version-
   CiscoFirepower 4140 Version-
   CiscoFirepower 4145 Version-
   CiscoFirepower 4150 Version-
   CiscoFirepower 9300 Version-
CiscoNx-os Version >= 7.0\(3\) < 7.0\(3\)f3\(5\)
   CiscoNexus 36180yc-r Version-
   CiscoNexus 3636c-r Version-
   CiscoNexus 9504 Version-
   CiscoNexus 9508 Version-
   CiscoNexus 9516 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.157
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com 4.2 0.8 3.4
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.securityfocus.com/bid/108392
Third Party Advisory
VDB Entry