CVE-2019-1809

Published: May 15, 2019Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Affected (5)

Products: Cisco: Nx Os

Cisco

1 product

Nx Os

Configuration A

2 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.3 to 8.1\(1a\)
Cisco Nx Os	From 8.2 to 8.3\(1\)

Running on/with	Platform Versions
Cisco Mds 9706	All versions
Cisco Mds 9710	All versions
Cisco Mds 9718	All versions

Configuration B

2 vulnerable · 28 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.2 to 7.3\(3\)d1\(1\)
Cisco Nx Os	From 8.0 to 8.2\(3\)

Running on/with	Platform Versions
Cisco 7000 10 Slot	All versions
Cisco 7000 18 Slot	All versions
Cisco 7000 4 Slot	All versions
Cisco 7000 9 Slot	All versions
Cisco 7700 10 Slot	All versions
Cisco 7700 18 Slot	All versions
Cisco 7700 2 Slot	All versions
Cisco 7700 6 Slot	All versions
Cisco N77 F312ck 26	All versions
Cisco N77 F324fq 25	All versions
Cisco N77 F348xp 23	All versions
Cisco N77 F430cq 36	All versions
Cisco N77 M312cq 26l	All versions
Cisco N77 M324fq 25l	All versions
Cisco N77 M348xp 23l	All versions
Cisco N7k F248xp 25e	All versions
Cisco N7k F306ck 25	All versions
Cisco N7k F312fq 25	All versions
Cisco N7k M202cf 22l	All versions
Cisco N7k M206fq 23l	All versions
Cisco N7k M224xp 23l	All versions
Cisco N7k M324fq 25l	All versions
Cisco N7k M348xp 25l	All versions
Cisco Nexus 7000 Supervisor 1	All versions
Cisco Nexus 7000 Supervisor 2	All versions
Cisco Nexus 7000 Supervisor 2e	All versions
Cisco Nexus 7700 Supervisor 2e	All versions
Cisco Nexus 7700 Supervisor 3e	All versions