CVE-2019-1813
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 7.0\(3\)i1\(x\) to 7.0\(3\)i7\(5\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Nexus 3048 | All versions |
Cisco Nexus 31108pc V | All versions |
Cisco Nexus 31108tc V | All versions |
Cisco Nexus 31128pq | All versions |
Cisco Nexus 3132c Z | All versions |
Cisco Nexus 3132q V | All versions |
Cisco Nexus 3132q X/3132q Xl | All versions |
Cisco Nexus 3164q | All versions |
Cisco Nexus 3172pq/pq Xl | All versions |
Cisco Nexus 3172tq Xl | All versions |
Cisco Nexus 3232c | All versions |
Cisco Nexus 3264c E | All versions |
Cisco Nexus 3264q | All versions |
Cisco Nexus 3408 S | All versions |
Cisco Nexus 34180yc | All versions |
Cisco Nexus 3432d S | All versions |
Cisco Nexus 3464c | All versions |
Cisco Nexus 3524 X/xl | All versions |
Cisco Nexus 3548 X/xl | All versions |
Configuration B
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.0\(3\)i7\(5\) |
| Running on/with | Platform Versions |
|---|---|
Cisco 9432pq | All versions |
Cisco 9536pq | All versions |
Cisco 9636pq | All versions |
Cisco 9736pq | All versions |
Cisco N9k X9432c S | All versions |
Cisco N9k X9464px | All versions |
Cisco N9k X9464tx2 | All versions |
Cisco N9k X9564px | All versions |
Cisco N9k X9564tx | All versions |
Cisco N9k X9636c R | All versions |
Cisco N9k X9636c Rx | All versions |
Cisco N9k X97160yc Ex | All versions |
Cisco N9k X9732c Ex | All versions |
Cisco N9k X9732c Fx | All versions |
Cisco N9k X9736c Ex | All versions |
Cisco N9k X9736c Fx | All versions |
Cisco N9k X9788tc Fx | All versions |
Cisco Nexus 92160yc X | All versions |
Cisco Nexus 92300yc | All versions |
Cisco Nexus 93108tc Ex | All versions |
Cisco Nexus 93108tc Fx | All versions |
Cisco Nexus 93120tx | All versions |
Cisco Nexus 9316d Gx | All versions |
Cisco Nexus 93180lc Ex | All versions |
Cisco Nexus 93180yc Ex | All versions |
Cisco Nexus 93180yc Fx | All versions |
Cisco Nexus 93216tc Fx2 | All versions |
Cisco Nexus 93240yc Fx2 | All versions |
Cisco Nexus 9332c | All versions |
Cisco Nexus 93360yc Fx2 | All versions |
Cisco Nexus 9336c Fx2 | All versions |
Cisco Nexus 9348gc Fxp | All versions |
Cisco Nexus 93600cd Gx | All versions |
Cisco Nexus 9364c | All versions |
Cisco Nexus 9500 Supervisor A | All versions |
Cisco Nexus 9500 Supervisor A+ | All versions |
Cisco Nexus 9500 Supervisor B | All versions |
Cisco Nexus 9500 Supervisor B+ | All versions |
Cisco Nexus 9504 | All versions |
Cisco Nexus 9508 | All versions |
Cisco Nexus 9516 | All versions |
Cisco X9636q R | All versions |
References (4)
Source: psirt@cisco.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.