CVE-2019-1598 – Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1598
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. • http://www.securityfocus.com/bid/107394 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap • CWE-20: Improper Input Validation •
CVE-2019-1596 – Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1596
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level to root. • http://www.securityfocus.com/bid/107340 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-1597 – Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1597
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. • http://www.securityfocus.com/bid/107394 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap • CWE-20: Improper Input Validation •
CVE-2019-1591 – Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability
https://notcve.org/view.php?id=CVE-2019-1591
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d). • http://www.securityfocus.com/bid/107311 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVE-2019-1593 – Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1593
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. • http://www.securityfocus.com/bid/107324 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal • CWE-264: Permissions, Privileges, and Access Controls •