CVE-2019-1600

Published: Mar 7, 2019Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Affected (16)

Products: Cisco: Firepower Extensible Operating System, Nx Os

Cisco

2 products

Firepower Extensible Operating System

Nx Os

Configuration A

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Firepower Extensible Operating System	From 1.1 to 2.2.2.91
Cisco Firepower Extensible Operating System	From 2.3 to 2.3.1.110

Running on/with	Platform Versions
Cisco Firepower 4100	All versions
Cisco Firepower 9300	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	From 8.2 to 8.3\(1\)

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.0\(3\) to 7.0\(3\)i7\(4\)

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.0\(3\)f3 to 7.0\(3\)f3\(5\)

Running on/with	Platform Versions
Cisco Nexus 3600	All versions

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.2 to 7.3\(3\)n1\(1\)

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	From 8.0 to 8.2\(3\)

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.0\(3\)i5 to 7.0\(3\)i7\(4\)

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.0\(3\)f1 to 7.0\(3\)f3\(5\)

Running on/with	Platform Versions
Cisco Nexus 9500	All versions

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.3 to 8.1\(1b\)

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 5.2. to 6.2\(25\)

Running on/with	Platform Versions
Cisco Mds 9000	All versions

Configuration L

1 platform

Running on/with	Platform Versions
Cisco Nexus 3000	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Before 6.0\(2\)a8\(10\)

Running on/with	Platform Versions
Cisco Nexus 3500	All versions

Configuration N

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Before 7.1\(5\)n1\(1b\)

Running on/with	Platform Versions
Cisco Nexus 2000	All versions
Cisco Nexus 5500	All versions
Cisco Nexus 5600	All versions
Cisco Nexus 6000	All versions

Configuration O

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.2 to 7.3\(3\)d1\(1\)

Configuration P

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Before 6.2\(22\)

Running on/with	Platform Versions
Cisco Nexus 7000	All versions
Cisco Nexus 7700	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Before 7.0\(3\)i4\(9\)

Running on/with	Platform Versions
Cisco Nexus 9000	All versions

Related CWEs

CWE-264

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

http://www.securityfocus.com/bid/107399

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/107404

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory

Source: psirt@cisco.com

PatchVendor Advisory

http://www.securityfocus.com/bid/107399

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/107404

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.