CVE-2019-1732

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:nx_os:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:37

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108361 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/108361 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec - Vendor Advisory

Information

Published : 2019-05-15 17:29

Updated : 2024-11-21 04:37


NVD link : CVE-2019-1732

Mitre link : CVE-2019-1732

CVE.ORG link : CVE-2019-1732


JSON object : View

Products Affected

cisco

  • nexus_3100v
  • nexus_9000
  • nx_os
  • nexus_9300
  • nexus_3200
  • nexus_3000
  • nexus_3500
  • nexus_3524-x
  • nexus_3548-x
  • nexus_3600
  • nx-os
  • nexus_3100
  • nexus_3400
  • nexus_3548-xl
  • nexus_9200
  • nexus_9500
  • nexus_3100-z
  • nexus_3524-xl
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-667

Improper Locking