CVE-2019-1593

nvd nist
Published: Mar 6, 2019
Modified: Nov 21, 2024

CVSS base score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. For example, a dev-ops user could escalate their privilege level to admin with a successful exploit of this vulnerability.

Affected (8)

Products: Cisco NX-OS (1 product)

Configuration B (1 platform)
Running on/with: Cisco Nexus 3000 (all versions)

Configuration C (1 vulnerable · 1 platform)
Affected versions: From 7.0(3) to 7.0(3)i7(4)
Running on/with: Cisco Nexus 3500 (all versions)

Configuration D (1 platform)
Running on/with: Cisco Nexus 3600 (all versions)

Configuration E (2 vulnerable · 2 platforms)
Vulnerable software: Cisco
Affected versions: From 8.1 to 8.2(3); From 8.3 to 8.3(1)
Running on/with: Cisco Nexus 7000 (all versions); Cisco Nexus 7700 (all versions)

Configuration F (2 vulnerable · 1 platform)
Vulnerable software: Cisco
Affected versions: Before 13.2(4d); From 14.0 to 14.0(1h)
Running on/with: Cisco Nexus 9000 in ACI mode (all versions)

Configuration G (2 vulnerable · 1 platform)
Vulnerable software: Cisco
Affected versions: From 7.0(3)i4 to 7.0(3)i4(9); From 7.0(3)i5 to 7.0(3)i7(4)
Running on/with: Cisco Nexus 9000 in standalone mode (all versions)

Configuration H (1 vulnerable · 1 platform)
Affected versions: From 7.0(3) to 7.0(3)f3(5)
Running on/with: Cisco Nexus 9500 (all versions)

Related CWEs

References (4)

Source: psirt@cisco.com
Tags: Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Third Party Advisory, VDB Entry

Timeline

No history available yet.