CVE-2019-12662
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.
Affected (55)
Products: Cisco: IOS XE, NX-OS, Nexus 3016 Firmware, Nexus 3048 Firmware, Nexus 3064 Firmware, Nexus 3064 T Firmware, Nexus 31108pc V Firmware, Nexus 31108tc V Firmware, Nexus 31128pq Firmware, Nexus 3132c Z Firmware, Nexus 3132q Firmware, Nexus 3132q V Firmware, Nexus 3132q Xl Firmware, Nexus 3164q Firmware, Nexus 3172 Firmware, Nexus 3172pq Xl Firmware, Nexus 3172tq Firmware, Nexus 3172tq 32t Firmware, Nexus 3172tq Xl Firmware, Nexus 3232c Firmware, Nexus 3264c E Firmware, Nexus 3264q Firmware, Nexus 3408 S Firmware, Nexus 34180yc Firmware, Nexus 34200yc Sm Firmware, Nexus 3432d S Firmware, Nexus 3464c Firmware, Nexus 3524 Firmware, Nexus 3524 X Firmware, Nexus 3524 Xl Firmware, Nexus 3548 Firmware, Nexus 3548 X Firmware, Nexus 3548 Xl Firmware, Nexus 5548p Firmware, Nexus 5548up Firmware, Nexus 5596t Firmware, Nexus 5596up Firmware, Nexus 56128p Firmware, Nexus 5624q Firmware, Nexus 5648q Firmware, Nexus 5672up Firmware, Nexus 5696q Firmware, Nexus 6001 Firmware, Nexus 6004 Firmware, Nexus 7000 10 Slot Firmware, Nexus 7000 18 Slot Firmware, Nexus 7000 4 Slot Firmware, Nexus 7000 9 Slot Firmware, Nexus 7700 10 Slot Firmware, Nexus 7700 18 Slot Firmware, Nexus 7700 2 Slot Firmware, Nexus 7700 6 Slot Firmware
Configuration B
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.1(0)bd(0.20) |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 9000v | All versions |
| Cisco Nexus 92160yc X | All versions |
| Cisco Nexus 92300yc | All versions |
| Cisco Nexus 92304qc | All versions |
| Cisco Nexus 92348gc X | All versions |
| Cisco Nexus 9236c | All versions |
| Cisco Nexus 9272q | All versions |
| Cisco Nexus 93108tc Ex | All versions |
| Cisco Nexus 93108tc Fx | All versions |
| Cisco Nexus 93120tx | All versions |
| Cisco Nexus 93128tx | All versions |
| Cisco Nexus 93180lc Ex | All versions |
| Cisco Nexus 93180yc Ex | All versions |
| Cisco Nexus 93180yc Fx | All versions |
| Cisco Nexus 93216tc Fx2 | All versions |
| Cisco Nexus 93240yc Fx2 | All versions |
| Cisco Nexus 9332c | All versions |
| Cisco Nexus 9332pq | All versions |
| Cisco Nexus 93360yc Fx2 | All versions |
| Cisco Nexus 9336c Fx2 | All versions |
| Cisco Nexus 9336pq Aci Spine | All versions |
| Cisco Nexus 9348gc Fxp | All versions |
| Cisco Nexus 9364c | All versions |
| Cisco Nexus 9372px | All versions |
| Cisco Nexus 9372px E | All versions |
| Cisco Nexus 9372tx | All versions |
| Cisco Nexus 9372tx E | All versions |
| Cisco Nexus 9396px | All versions |
| Cisco Nexus 9396tx | All versions |
| Cisco Nexus 9504 | All versions |
| Cisco Nexus 9508 | All versions |
| Cisco Nexus 9516 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3016 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3048 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3064 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3064 T | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 31108pc V | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 31108tc V | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 31128pq | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3132c Z | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3132q | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3132q V | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3132q Xl | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3164q | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3172 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3172pq Xl | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3172tq | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3172tq 32t | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3172tq Xl | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3232c | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3264c E | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3264q | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3408 S | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 34180yc | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 34200yc Sm | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3432d S | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3464c | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3524 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3524 X | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3524 Xl | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3548 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3548 X | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 3548 Xl | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5548p | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5548up | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5596t | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5596up | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 56128p | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5624q | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5648q | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5672up | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 5696q | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 6001 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 6004 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7000 10 Slot | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7000 18 Slot | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7000 4 Slot | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7000 9 Slot | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7700 10 Slot | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7700 18 Slot | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7700 2 Slot | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nexus 7700 6 Slot | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory