// For flags

CVE-2019-1587

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Query Information Disclosure Vulnerability

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device.

Una vulnerabilidad en los Nexus 9000 Series Fabric de Cisco en modo Application Centric Infrastructure (ACI), podría permitir que un atacante remoto identificado acceda a información confidencial. La vulnerabilidad se produce porque el software afectado no comprueba correctamente la entrada suministrada por el usuario. Un atacante podría aprovechar esta vulnerabilidad al emitir ciertos comandos con resultados de petición filtrados en el dispositivo. Esta acción puede causar que los mensajes devueltos muestren información confidencial del sistema. Una operación éxito podría permitirle al atacante leer información confidencial en el dispositivo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-05-03 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-21 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9000
Search vendor "Cisco" for product "Nexus 9000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 92160yc-x
Search vendor "Cisco" for product "Nexus 92160yc-x"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 92300yc
Search vendor "Cisco" for product "Nexus 92300yc"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 92304qc
Search vendor "Cisco" for product "Nexus 92304qc"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9236c
Search vendor "Cisco" for product "Nexus 9236c"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9272q
Search vendor "Cisco" for product "Nexus 9272q"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93108tc-ex
Search vendor "Cisco" for product "Nexus 93108tc-ex"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93108tc-fx
Search vendor "Cisco" for product "Nexus 93108tc-fx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93120tx
Search vendor "Cisco" for product "Nexus 93120tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93128tx
Search vendor "Cisco" for product "Nexus 93128tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93180lc-ex
Search vendor "Cisco" for product "Nexus 93180lc-ex"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93180yc-ex
Search vendor "Cisco" for product "Nexus 93180yc-ex"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93180yc-fx
Search vendor "Cisco" for product "Nexus 93180yc-fx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93240yc-fx2
Search vendor "Cisco" for product "Nexus 93240yc-fx2"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9332c
Search vendor "Cisco" for product "Nexus 9332c"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9332pq
Search vendor "Cisco" for product "Nexus 9332pq"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9336c-fx2
Search vendor "Cisco" for product "Nexus 9336c-fx2"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9336pq
Search vendor "Cisco" for product "Nexus 9336pq"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9348gc-fxp
Search vendor "Cisco" for product "Nexus 9348gc-fxp"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9364c
Search vendor "Cisco" for product "Nexus 9364c"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372px
Search vendor "Cisco" for product "Nexus 9372px"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372px-e
Search vendor "Cisco" for product "Nexus 9372px-e"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372tx
Search vendor "Cisco" for product "Nexus 9372tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372tx-e
Search vendor "Cisco" for product "Nexus 9372tx-e"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9396px
Search vendor "Cisco" for product "Nexus 9396px"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9396tx
Search vendor "Cisco" for product "Nexus 9396tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
8.3\(0\)sk\(0.39\)
Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9508
Search vendor "Cisco" for product "Nexus 9508"
--
Safe