CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 0CVE-2019-1609 – Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)
https://notcve.org/view.php?id=CVE-2019-1609
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. • http://www.securityfocus.com/bid/107341 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2019-1605 – Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1605
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note: The NX-API feature is disabled by default. • http://www.securityfocus.com/bid/107313 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-ex • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-1604 – Cisco NX-OS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1604
A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an attacker to execute commands with elevated privileges on the underlying Linux shell of an affected device. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 8.2(3), and 8.3(2). • http://www.securityfocus.com/bid/107323 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-1602 – Cisco NX-OS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1602
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker could exploit this vulnerability by logging in to the CLI of an affected device, accessing a specific file, and leveraging this information to authenticate to the NX-API server. A successful exploit could allow an attacker to make configuration changes as administrator. Note: NX-API is disabled by default. • http://www.securityfocus.com/bid/107332 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-escalation • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-1603 – Cisco NX-OS Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1603
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). • http://www.securityfocus.com/bid/107328 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •