CVE-2019-1795
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.
Affected (19)
Products: Cisco: Nx Os, Firepower Extensible Operating System
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.2\(3\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Mds 9132t | All versions |
Cisco Mds 9148s | All versions |
Cisco Mds 9148t | All versions |
Cisco Mds 9216 | All versions |
Cisco Mds 9216a | All versions |
Cisco Mds 9216i | All versions |
Cisco Mds 9222i | All versions |
Cisco Mds 9250i | All versions |
Cisco Mds 9396s | All versions |
Cisco Mds 9396t | All versions |
Cisco Mds 9506 | All versions |
Cisco Mds 9509 | All versions |
Cisco Mds 9513 | All versions |
Cisco Mds 9706 | All versions |
Cisco Mds 9710 | All versions |
Cisco Mds 9718 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.0\(3\)i4\(8\) |
| Running on/with | Platform Versions |
|---|---|
Cisco 9432pq | All versions |
Cisco 9536pq | All versions |
Cisco 9636pq | All versions |
Cisco 9736pq | All versions |
Cisco N9k X9432c S | All versions |
Cisco N9k X9464px | All versions |
Cisco N9k X9464tx2 | All versions |
Cisco N9k X9564px | All versions |
Cisco N9k X9564tx | All versions |
Cisco N9k X97160yc Ex | All versions |
Cisco N9k X9732c Ex | All versions |
Cisco N9k X9732c Fx | All versions |
Cisco N9k X9736c Ex | All versions |
Cisco N9k X9736c Fx | All versions |
Cisco N9k X9788tc Fx | All versions |
Cisco Nexus 3048 | All versions |
Cisco Nexus 31108pc V | All versions |
Cisco Nexus 31108tc V | All versions |
Cisco Nexus 31128pq | All versions |
Cisco Nexus 3132c Z | All versions |
Cisco Nexus 3132q V | All versions |
Cisco Nexus 3132q X/3132q Xl | All versions |
Cisco Nexus 3164q | All versions |
Cisco Nexus 3172pq/pq Xl | All versions |
Cisco Nexus 3172tq Xl | All versions |
Cisco Nexus 3232c | All versions |
Cisco Nexus 3264c E | All versions |
Cisco Nexus 3264q | All versions |
Cisco Nexus 3408 S | All versions |
Cisco Nexus 34180yc | All versions |
Cisco Nexus 3432d S | All versions |
Cisco Nexus 3464c | All versions |
Cisco Nexus 92160yc X | All versions |
Cisco Nexus 92300yc | All versions |
Cisco Nexus 93108tc Ex | All versions |
Cisco Nexus 93108tc Fx | All versions |
Cisco Nexus 93120tx | All versions |
Cisco Nexus 9316d Gx | All versions |
Cisco Nexus 93180lc Ex | All versions |
Cisco Nexus 93180yc Ex | All versions |
Cisco Nexus 93180yc Fx | All versions |
Cisco Nexus 93216tc Fx2 | All versions |
Cisco Nexus 93240yc Fx2 | All versions |
Cisco Nexus 9332c | All versions |
Cisco Nexus 93360yc Fx2 | All versions |
Cisco Nexus 9336c Fx2 | All versions |
Cisco Nexus 9348gc Fxp | All versions |
Cisco Nexus 93600cd Gx | All versions |
Cisco Nexus 9364c | All versions |
Cisco Nexus 9500 Supervisor A | All versions |
Cisco Nexus 9500 Supervisor A+ | All versions |
Cisco Nexus 9500 Supervisor B | All versions |
Cisco Nexus 9500 Supervisor B+ | All versions |
Cisco Nexus 9504 | All versions |
Cisco Nexus 9508 | All versions |
Cisco Nexus 9516 | All versions |
Configuration C
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From 7.0\(3\) to 7.0\(3\)f3\(5\) |
| Running on/with | Platform Versions |
|---|---|
Cisco N9k C9504 Fm R | All versions |
Cisco N9k C9508 Fm R | All versions |
Cisco N9k X96136yc R | All versions |
Cisco N9k X9636c R | All versions |
Cisco N9k X9636c Rx | All versions |
Cisco N9k X9636q R | All versions |
Cisco Nexus 36180yc R | All versions |
Cisco Nexus 3636c R | All versions |
Cisco X96136yc R | All versions |
Cisco X9636c R | All versions |
Cisco X9636c Rx | All versions |
Cisco X9636q R | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.3\(4\)n1\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Nexus 5010 | All versions |
Cisco Nexus 5020 | All versions |
Cisco Nexus 5548p | All versions |
Cisco Nexus 5548up | All versions |
Cisco Nexus 5596t | All versions |
Cisco Nexus 5596up | All versions |
Cisco Nexus 56128p | All versions |
Cisco Nexus 5624q | All versions |
Cisco Nexus 5648q | All versions |
Cisco Nexus 5672up | All versions |
Cisco Nexus 5672up 16g | All versions |
Cisco Nexus 5696q | All versions |
Cisco Nexus 6001 | All versions |
Cisco Nexus 6004 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.2\(22\) |
| Running on/with | Platform Versions |
|---|---|
Cisco 7000 10 Slot | All versions |
Cisco 7000 18 Slot | All versions |
Cisco 7000 4 Slot | All versions |
Cisco 7000 9 Slot | All versions |
Cisco 7700 10 Slot | All versions |
Cisco 7700 18 Slot | All versions |
Cisco 7700 2 Slot | All versions |
Cisco 7700 6 Slot | All versions |
Cisco N77 F312ck 26 | All versions |
Cisco N77 F324fq 25 | All versions |
Cisco N77 F348xp 23 | All versions |
Cisco N77 F430cq 36 | All versions |
Cisco N77 M312cq 26l | All versions |
Cisco N77 M324fq 25l | All versions |
Cisco N77 M348xp 23l | All versions |
Cisco N7k F248xp 25e | All versions |
Cisco N7k F306ck 25 | All versions |
Cisco N7k F312fq 25 | All versions |
Cisco N7k M202cf 22l | All versions |
Cisco N7k M206fq 23l | All versions |
Cisco N7k M224xp 23l | All versions |
Cisco N7k M324fq 25l | All versions |
Cisco N7k M348xp 25l | All versions |
Cisco Nexus 7000 Supervisor 1 | All versions |
Cisco Nexus 7000 Supervisor 2 | All versions |
Cisco Nexus 7000 Supervisor 2e | All versions |
Cisco Nexus 7700 Supervisor 2e | All versions |
Cisco Nexus 7700 Supervisor 3e | All versions |
Configuration G
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.0.1.201 |
| Running on/with | Platform Versions |
|---|---|
Cisco Firepower 4110 | All versions |
Cisco Firepower 4120 | All versions |
Cisco Firepower 4140 | All versions |
Cisco Firepower 4150 | All versions |
Cisco Firepower 9300 With 1 Sm 24 Module | All versions |
Cisco Firepower 9300 With 1 Sm 36 Module | All versions |
Cisco Firepower 9300 With 1 Sm 44 Module | All versions |
Cisco Firepower 9300 With 3 Sm 44 Modules | All versions |
Configuration I
Related CWEs
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component
in another control sphere, but it does not properly delimit the
intended arguments, options, or switches within that command string.
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.