CVE-2019-1613

Published: Mar 11, 2019Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected running software versions prior to 6.2(27) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3500 Platform Switches are affected running software versions prior to 6.0(2)A8(11) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9), 7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 6.2(22) and 8.2(3).

Affected (5)

Products: Cisco: Nx Os

Cisco

1 product

Nx Os

Configuration A

1 vulnerable · 39 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 7.0(3)f3(3)

Running on/with	Platform Versions
Cisco 9432pq	All versions
Cisco 9536pq	All versions
Cisco 9636pq	All versions
Cisco 9736pq	All versions
Cisco N9k X9432c S	All versions
Cisco N9k X9464px	All versions
Cisco N9k X9464tx2	All versions
Cisco N9k X9564px	All versions
Cisco N9k X9564tx	All versions
Cisco N9k X9636c R	All versions
Cisco N9k X9636c Rx	All versions
Cisco N9k X97160yc Ex	All versions
Cisco N9k X9732c Ex	All versions
Cisco N9k X9732c Fx	All versions
Cisco N9k X9736c Ex	All versions
Cisco N9k X9736c Fx	All versions
Cisco N9k X9788tc Fx	All versions
Cisco Nexus 92160yc X	All versions
Cisco Nexus 92300yc	All versions
Cisco Nexus 92304qc	All versions
Cisco Nexus 9236c	All versions
Cisco Nexus 9272q	All versions
Cisco Nexus 93108tc Ex	All versions
Cisco Nexus 93108tc Fx	All versions
Cisco Nexus 93120tx	All versions
Cisco Nexus 9316d Gx	All versions
Cisco Nexus 93180lc Ex	All versions
Cisco Nexus 93180yc Ex	All versions
Cisco Nexus 93180yc Fx	All versions
Cisco Nexus 93240yc Fx2	All versions
Cisco Nexus 9332c	All versions
Cisco Nexus 9336c Fx2	All versions
Cisco Nexus 9348gc Fxp	All versions
Cisco Nexus 93600cd Gx	All versions
Cisco Nexus 9364c	All versions
Cisco Nexus 9504	All versions
Cisco Nexus 9508	All versions
Cisco Nexus 9516	All versions
Cisco X9636q R	All versions

Configuration B

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 9.2(1)

Running on/with	Platform Versions
Cisco N3k C31128pq 10ge	All versions
Cisco N3k C3132c Z	All versions
Cisco N3k C3164q 40ge	All versions
Cisco N3k C3264q	All versions

Configuration C

3 vulnerable · 15 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 7.0(3)i7(2)
Cisco Nx Os	Version 8.2(1)
Cisco Nx Os	Version 9.2(2)

Running on/with	Platform Versions
Cisco N77 F312ck 26	All versions
Cisco N77 F324fq 25	All versions
Cisco N77 F348xp 23	All versions
Cisco N77 F430cq 36	All versions
Cisco N77 M312cq 26l	All versions
Cisco N77 M324fq 25l	All versions
Cisco N77 M348xp 23l	All versions
Cisco N7k F248xp 25e	All versions
Cisco N7k F306ck 25	All versions
Cisco N7k F312fq 25	All versions
Cisco N7k M202cf 22l	All versions
Cisco N7k M206fq 23l	All versions
Cisco N7k M224xp 23l	All versions
Cisco N7k M324fq 25l	All versions
Cisco N7k M348xp 25l	All versions