CVE-2019-1588

A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:36

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/107316 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/107316 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read - Patch, Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read - Patch, Vendor Advisory

Information

Published : 2019-03-06 21:29

Updated : 2024-11-21 04:36


NVD link : CVE-2019-1588

Mitre link : CVE-2019-1588

CVE.ORG link : CVE-2019-1588


JSON object : View

Products Affected

cisco

  • nexus_9000
  • nx-os
CWE
CWE-20

Improper Input Validation

CWE-269

Improper Privilege Management