← Back

CVE-2019-1615

nvd nist
Published: Mar 11, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).

Affected (4)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
3 vulnerable · 39 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
Version 12.3(0.97)
Nx Os
Version 7.0(3)i7(3)
Nx Os
Version 9.2(1)
Running on/withPlatform Versions
Cisco
9432pq
All versions
Cisco
9536pq
All versions
Cisco
9636pq
All versions
Cisco
9736pq
All versions
Cisco
N9k X9432c S
All versions
Cisco
N9k X9464px
All versions
Cisco
N9k X9464tx2
All versions
Cisco
N9k X9564px
All versions
Cisco
N9k X9564tx
All versions
Cisco
N9k X9636c R
All versions
Cisco
N9k X9636c Rx
All versions
Cisco
N9k X97160yc Ex
All versions
Cisco
N9k X9732c Ex
All versions
Cisco
N9k X9732c Fx
All versions
Cisco
N9k X9736c Ex
All versions
Cisco
N9k X9736c Fx
All versions
Cisco
N9k X9788tc Fx
All versions
Cisco
Nexus 92160yc X
All versions
Cisco
Nexus 92300yc
All versions
Cisco
Nexus 92304qc
All versions
Cisco
Nexus 9236c
All versions
Cisco
Nexus 9272q
All versions
Cisco
Nexus 93108tc Ex
All versions
Cisco
Nexus 93108tc Fx
All versions
Cisco
Nexus 93120tx
All versions
Cisco
Nexus 9316d Gx
All versions
Cisco
Nexus 93180lc Ex
All versions
Cisco
Nexus 93180yc Ex
All versions
Cisco
Nexus 93180yc Fx
All versions
Cisco
Nexus 93240yc Fx2
All versions
Cisco
Nexus 9332c
All versions
Cisco
Nexus 9336c Fx2
All versions
Cisco
Nexus 9348gc Fxp
All versions
Cisco
Nexus 93600cd Gx
All versions
Cisco
Nexus 9364c
All versions
Cisco
Nexus 9504
All versions
Cisco
Nexus 9508
All versions
Cisco
Nexus 9516
All versions
Cisco
X9636q R
All versions
Configuration B
1 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 7.0(3)i7(5)
Running on/withPlatform Versions
Cisco
N3k C31128pq 10ge
All versions
Cisco
N3k C3132c Z
All versions
Cisco
N3k C3164q 40ge
All versions
Cisco
N3k C3264q
All versions

Related CWEs

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.