← Back

CVE-2019-1596

nvd nist
Published: Mar 7, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level to root. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Affected (4)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
1 platform
Running on/withPlatform Versions
Cisco
Nexus 3000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 7.0\(3\)i7 to 7.0\(3\)i7\(4\)
Running on/withPlatform Versions
Cisco
Nexus 3500
All versions
Configuration C
1 platform
Running on/withPlatform Versions
Cisco
Nexus 3600
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
Before 7.0\(3\)i4\(9\)
Nx Os
From 7.0\(3\)i5 to 7.0\(3\)i7\(4\)
Running on/withPlatform Versions
Cisco
Nexus 9000
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 7.0\(3\)f3\(1\) to 7.0\(3\)f3\(5\)
Running on/withPlatform Versions
Cisco
Nexus 9500
All versions

Related CWEs

CWE-264
CWE-264
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.