CVSS: 7.2EPSS: 0%CPEs: 51EXPL: 0CVE-2019-1730 – Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
https://notcve.org/view.php?id=CVE-2019-1730
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account. na vulnerabilidad en la implementación Bash Shell para el software NX-OS de Cisco, podría permitir a un atacante local autentificado omitir el conjunto de comandos limitados del Guest Shell y ejecutar comandos en el nivel de privilegio de un usuario administrador de la red fuera del Guest Shell. • http://www.securityfocus.com/bid/108397 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 33EXPL: 0CVE-2019-1727 – Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1727
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. • http://www.securityfocus.com/bid/108341 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 50EXPL: 0CVE-2019-1728 – Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1728
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device. • http://www.securityfocus.com/bid/108391 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2019-1726 – Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1726
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability. • http://www.securityfocus.com/bid/108409 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 211EXPL: 0CVE-2019-1649 – Cisco Secure Boot Hardware Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-1649
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. • http://www.securityfocus.com/bid/108350 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot https://www.kb.cert.org/vuls/id/400865 https://www.us-cert.gov/ics/advisories/icsa-20-072-03 • CWE-284: Improper Access Control CWE-667: Improper Locking •