CVE-2019-1588

Published: Mar 6, 2019Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h).

Affected (1)

Products: Cisco: Nx Os

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Before 14.0\(1h\)

Running on/with	Platform Versions
Cisco Nexus 9000	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://www.securityfocus.com/bid/107316

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read

Source: psirt@cisco.com

PatchVendor Advisory

http://www.securityfocus.com/bid/107316

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.