CVE-2019-1729

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-1729
A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability.

6.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.securityfocus.com/bid/108378 Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write Vendor Advisory
http://www.securityfocus.com/bid/108378 Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*
History

21 Nov 2024, 04:37

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108378 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/108378 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write - Vendor Advisory
Information

Published : 2019-05-15 17:29

Updated : 2024-11-21 04:37

NVD link : CVE-2019-1729

Mitre link : CVE-2019-1729

CVE.ORG link : CVE-2019-1729

JSON object : View

Products Affected

cisco

  • nexus_3100v
  • nexus_9000
  • nexus_3000
  • nexus_3524-x
  • nexus_3548-xl
  • nexus_9200
  • nexus_3100-z
  • nexus_9516
  • nexus_3636c-r
  • nexus_3500
  • nx-os
  • nexus_9300
  • nexus_9508
  • nexus_3100
  • nexus_3200
  • nexus_3548-x
  • nexus_36180yc-r
  • nexus_9504
  • nexus_3400
  • nexus_3524-xl
CWE
CWE-20

Improper Input Validation

CWE-347

Improper Verification of Cryptographic Signature


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024