CVE-2019-1587
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Query Information Disclosure Vulnerability
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device.
Una vulnerabilidad en los Nexus 9000 Series Fabric de Cisco en modo Application Centric Infrastructure (ACI), podría permitir que un atacante remoto identificado acceda a información confidencial. La vulnerabilidad se produce porque el software afectado no comprueba correctamente la entrada suministrada por el usuario. Un atacante podría aprovechar esta vulnerabilidad al emitir ciertos comandos con resultados de petición filtrados en el dispositivo. Esta acción puede causar que los mensajes devueltos muestren información confidencial del sistema. Una operación éxito podría permitirle al atacante leer información confidencial en el dispositivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-05-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-399: Resource Management Errors
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9000 Search vendor "Cisco" for product "Nexus 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 92160yc-x Search vendor "Cisco" for product "Nexus 92160yc-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 92300yc Search vendor "Cisco" for product "Nexus 92300yc" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 92304qc Search vendor "Cisco" for product "Nexus 92304qc" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9236c Search vendor "Cisco" for product "Nexus 9236c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9272q Search vendor "Cisco" for product "Nexus 9272q" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93108tc-ex Search vendor "Cisco" for product "Nexus 93108tc-ex" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93108tc-fx Search vendor "Cisco" for product "Nexus 93108tc-fx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93120tx Search vendor "Cisco" for product "Nexus 93120tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93128tx Search vendor "Cisco" for product "Nexus 93128tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93180lc-ex Search vendor "Cisco" for product "Nexus 93180lc-ex" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93180yc-ex Search vendor "Cisco" for product "Nexus 93180yc-ex" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93180yc-fx Search vendor "Cisco" for product "Nexus 93180yc-fx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93240yc-fx2 Search vendor "Cisco" for product "Nexus 93240yc-fx2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9332c Search vendor "Cisco" for product "Nexus 9332c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9332pq Search vendor "Cisco" for product "Nexus 9332pq" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9336c-fx2 Search vendor "Cisco" for product "Nexus 9336c-fx2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9336pq Search vendor "Cisco" for product "Nexus 9336pq" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9348gc-fxp Search vendor "Cisco" for product "Nexus 9348gc-fxp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9364c Search vendor "Cisco" for product "Nexus 9364c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372px Search vendor "Cisco" for product "Nexus 9372px" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372px-e Search vendor "Cisco" for product "Nexus 9372px-e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372tx Search vendor "Cisco" for product "Nexus 9372tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372tx-e Search vendor "Cisco" for product "Nexus 9372tx-e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9396px Search vendor "Cisco" for product "Nexus 9396px" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9396tx Search vendor "Cisco" for product "Nexus 9396tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 8.3\(0\)sk\(0.39\) Search vendor "Cisco" for product "Nx-os" and version "8.3\(0\)sk\(0.39\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9508 Search vendor "Cisco" for product "Nexus 9508" | - | - |
Safe
|