← Back

CVE-2019-1730

nvd nist
Published: May 15, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account.

Affected (4)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
2 vulnerable · 40 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
From 7.0\(3\)i4 to 7.0\(3\)i4\(9\)
Nx Os
From 7.0\(3\)i7 to 7.0\(3\)i7\(4\)
Running on/withPlatform Versions
Cisco
Nexus 3000
All versions
Cisco
Nexus 3100
All versions
Cisco
Nexus 3100 Z
All versions
Cisco
Nexus 3100v
All versions
Cisco
Nexus 3200
All versions
Cisco
Nexus 3400
All versions
Cisco
Nexus 3500
All versions
Cisco
Nexus 3524 X
All versions
Cisco
Nexus 3524 Xl
All versions
Cisco
Nexus 3548 X
All versions
Cisco
Nexus 3548 Xl
All versions
Cisco
Nexus 9000v
All versions
Cisco
Nexus 92160yc X
All versions
Cisco
Nexus 92300yc
All versions
Cisco
Nexus 92304qc
All versions
Cisco
Nexus 92348gc X
All versions
Cisco
Nexus 9236c
All versions
Cisco
Nexus 9272q
All versions
Cisco
Nexus 93108tc Ex
All versions
Cisco
Nexus 93108tc Fx
All versions
Cisco
Nexus 93120tx
All versions
Cisco
Nexus 93128tx
All versions
Cisco
Nexus 93180lc Ex
All versions
Cisco
Nexus 93180yc Ex
All versions
Cisco
Nexus 93180yc Fx
All versions
Cisco
Nexus 93216tc Fx2
All versions
Cisco
Nexus 93240yc Fx2
All versions
Cisco
Nexus 9332c
All versions
Cisco
Nexus 9332pq
All versions
Cisco
Nexus 93360yc Fx2
All versions
Cisco
Nexus 9336c Fx2
All versions
Cisco
Nexus 9336pq Aci Spine
All versions
Cisco
Nexus 9348gc Fxp
All versions
Cisco
Nexus 9364c
All versions
Cisco
Nexus 9372px
All versions
Cisco
Nexus 9372px E
All versions
Cisco
Nexus 9372tx
All versions
Cisco
Nexus 9372tx E
All versions
Cisco
Nexus 9396px
All versions
Cisco
Nexus 9396tx
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 8.1 to 8.3\(1\)
Running on/withPlatform Versions
Cisco
Nexus 7000
All versions
Cisco
Nexus 7700
All versions
Configuration C
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 7.0\(3\) to 7.0\(3\)f3\(5\)
Running on/withPlatform Versions
Cisco
Nexus 36180yc R
All versions
Cisco
Nexus 3636c R
All versions
Cisco
Nexus 9504
All versions
Cisco
Nexus 9508
All versions
Cisco
Nexus 9516
All versions

Related CWEs

CWE-264
CWE-264

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.