7.8
CVE-2019-1803
- EPSS 0.03%
- Veröffentlicht 03.05.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:37:24
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Nexus 9000 Series Application Centric Infrastructure Version-
Cisco ≫ Nexus 93108tc-ex Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180lc-ex Version-
Cisco ≫ Nexus 93180tc-ex Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 93180yc-fx Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336c-fx2 Version-
Cisco ≫ Nexus 9336pq Aci Spine Version-
Cisco ≫ Nexus 9348gc-fxp Version-
Cisco ≫ Nexus 9364c Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372px-e Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9372tx-e Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9504 Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 9516 Version-
Cisco ≫ Nexus 93120tx Version-
Cisco ≫ Nexus 93128tx Version-
Cisco ≫ Nexus 93180lc-ex Version-
Cisco ≫ Nexus 93180tc-ex Version-
Cisco ≫ Nexus 93180yc-ex Version-
Cisco ≫ Nexus 93180yc-fx Version-
Cisco ≫ Nexus 9332pq Version-
Cisco ≫ Nexus 9336c-fx2 Version-
Cisco ≫ Nexus 9336pq Aci Spine Version-
Cisco ≫ Nexus 9348gc-fxp Version-
Cisco ≫ Nexus 9364c Version-
Cisco ≫ Nexus 9372px Version-
Cisco ≫ Nexus 9372px-e Version-
Cisco ≫ Nexus 9372tx Version-
Cisco ≫ Nexus 9372tx-e Version-
Cisco ≫ Nexus 9396px Version-
Cisco ≫ Nexus 9396tx Version-
Cisco ≫ Nexus 9504 Version-
Cisco ≫ Nexus 9508 Version-
Cisco ≫ Nexus 9516 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.047 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.