← Back

CVE-2019-1732

nvd nist
Published: May 15, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.4
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.5 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.

Affected (2)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
1 vulnerable · 15 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 7.0\(3\)i4 to 7.0\(3\)i7\(4\)
Running on/withPlatform Versions
Cisco
Nexus 3000
All versions
Cisco
Nexus 3100
All versions
Cisco
Nexus 3100 Z
All versions
Cisco
Nexus 3100v
All versions
Cisco
Nexus 3200
All versions
Cisco
Nexus 3400
All versions
Cisco
Nexus 3500
All versions
Cisco
Nexus 3524 X
All versions
Cisco
Nexus 3524 Xl
All versions
Cisco
Nexus 3548 X
All versions
Cisco
Nexus 3548 Xl
All versions
Cisco
Nexus 9000
All versions
Cisco
Nexus 9200
All versions
Cisco
Nexus 9300
All versions
Cisco
Nexus 9500
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 7.0\(3\) to 7.0\(3\)f3\(5\)
Running on/withPlatform Versions
Cisco
Nexus 3600
All versions

Related CWEs

CWE-667
Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.