← Back

CVE-2019-1733

nvd nist
Published: May 15, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface.

Affected (1)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
1 vulnerable · 16 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 7.0\(3\)i7 to 7.0\(3\)i7\(4\)
Running on/withPlatform Versions
Cisco
Nexus 3000
All versions
Cisco
Nexus 3100
All versions
Cisco
Nexus 3100 Z
All versions
Cisco
Nexus 3100v
All versions
Cisco
Nexus 3200
All versions
Cisco
Nexus 3400
All versions
Cisco
Nexus 3500
All versions
Cisco
Nexus 3524 X
All versions
Cisco
Nexus 3524 Xl
All versions
Cisco
Nexus 3548 X
All versions
Cisco
Nexus 3548 Xl
All versions
Cisco
Nexus 3600
All versions
Cisco
Nexus 9000
All versions
Cisco
Nexus 9200
All versions
Cisco
Nexus 9300
All versions
Cisco
Nexus 9500
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.