// For flags

CVE-2019-1592

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device.

Una vulnerabilidad en la funcionalidad background operations de Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) podría permitir a un atacante local identificado conseguir privilegios elevados tipo root en un dispositivo afectado. La vulnerabilidad se debe a una comprobación insuficiente de los archivos provistos por el usuario en un dispositivo afectado. Un atacante podría operar esta vulnerabilidad si inicia sesión en la CLI del dispositivo afectado y crea un archivo diseñado en un directorio específico del sistema de archivos. Una función con éxito podría permitir al atacante ejecutar comandos de sistema operativo arbitrarios como tipo root en un dispositivo afectado.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2018-12-06 CVE Reserved
  • 2019-05-03 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-20 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9000
Search vendor "Cisco" for product "Nexus 9000"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 92160yc-x
Search vendor "Cisco" for product "Nexus 92160yc-x"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 92300yc
Search vendor "Cisco" for product "Nexus 92300yc"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 92304qc
Search vendor "Cisco" for product "Nexus 92304qc"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9236c
Search vendor "Cisco" for product "Nexus 9236c"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9272q
Search vendor "Cisco" for product "Nexus 9272q"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93108tc-ex
Search vendor "Cisco" for product "Nexus 93108tc-ex"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93108tc-fx
Search vendor "Cisco" for product "Nexus 93108tc-fx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93120tx
Search vendor "Cisco" for product "Nexus 93120tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93128tx
Search vendor "Cisco" for product "Nexus 93128tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93180lc-ex
Search vendor "Cisco" for product "Nexus 93180lc-ex"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93180yc-ex
Search vendor "Cisco" for product "Nexus 93180yc-ex"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93180yc-fx
Search vendor "Cisco" for product "Nexus 93180yc-fx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 93240yc-fx2
Search vendor "Cisco" for product "Nexus 93240yc-fx2"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9332c
Search vendor "Cisco" for product "Nexus 9332c"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9332pq
Search vendor "Cisco" for product "Nexus 9332pq"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9336c-fx2
Search vendor "Cisco" for product "Nexus 9336c-fx2"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9336pq
Search vendor "Cisco" for product "Nexus 9336pq"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9348gc-fxp
Search vendor "Cisco" for product "Nexus 9348gc-fxp"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9364c
Search vendor "Cisco" for product "Nexus 9364c"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372px
Search vendor "Cisco" for product "Nexus 9372px"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372px-e
Search vendor "Cisco" for product "Nexus 9372px-e"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372tx
Search vendor "Cisco" for product "Nexus 9372tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9372tx-e
Search vendor "Cisco" for product "Nexus 9372tx-e"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9396px
Search vendor "Cisco" for product "Nexus 9396px"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9396tx
Search vendor "Cisco" for product "Nexus 9396tx"
--
Safe
Cisco
Search vendor "Cisco"
Nx-os
Search vendor "Cisco" for product "Nx-os"
14.1\(0.90\)
Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)"
-
Affected
in Cisco
Search vendor "Cisco"
Nexus 9508
Search vendor "Cisco" for product "Nexus 9508"
--
Safe