CVE-2019-1592
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device.
Una vulnerabilidad en la funcionalidad background operations de Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) podría permitir a un atacante local identificado conseguir privilegios elevados tipo root en un dispositivo afectado. La vulnerabilidad se debe a una comprobación insuficiente de los archivos provistos por el usuario en un dispositivo afectado. Un atacante podría operar esta vulnerabilidad si inicia sesión en la CLI del dispositivo afectado y crea un archivo diseñado en un directorio específico del sistema de archivos. Una función con éxito podría permitir al atacante ejecutar comandos de sistema operativo arbitrarios como tipo root en un dispositivo afectado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-05-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9000 Search vendor "Cisco" for product "Nexus 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 92160yc-x Search vendor "Cisco" for product "Nexus 92160yc-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 92300yc Search vendor "Cisco" for product "Nexus 92300yc" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 92304qc Search vendor "Cisco" for product "Nexus 92304qc" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9236c Search vendor "Cisco" for product "Nexus 9236c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9272q Search vendor "Cisco" for product "Nexus 9272q" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93108tc-ex Search vendor "Cisco" for product "Nexus 93108tc-ex" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93108tc-fx Search vendor "Cisco" for product "Nexus 93108tc-fx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93120tx Search vendor "Cisco" for product "Nexus 93120tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93128tx Search vendor "Cisco" for product "Nexus 93128tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93180lc-ex Search vendor "Cisco" for product "Nexus 93180lc-ex" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93180yc-ex Search vendor "Cisco" for product "Nexus 93180yc-ex" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93180yc-fx Search vendor "Cisco" for product "Nexus 93180yc-fx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93240yc-fx2 Search vendor "Cisco" for product "Nexus 93240yc-fx2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9332c Search vendor "Cisco" for product "Nexus 9332c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9332pq Search vendor "Cisco" for product "Nexus 9332pq" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9336c-fx2 Search vendor "Cisco" for product "Nexus 9336c-fx2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9336pq Search vendor "Cisco" for product "Nexus 9336pq" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9348gc-fxp Search vendor "Cisco" for product "Nexus 9348gc-fxp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9364c Search vendor "Cisco" for product "Nexus 9364c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372px Search vendor "Cisco" for product "Nexus 9372px" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372px-e Search vendor "Cisco" for product "Nexus 9372px-e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372tx Search vendor "Cisco" for product "Nexus 9372tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372tx-e Search vendor "Cisco" for product "Nexus 9372tx-e" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9396px Search vendor "Cisco" for product "Nexus 9396px" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9396tx Search vendor "Cisco" for product "Nexus 9396tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 14.1\(0.90\) Search vendor "Cisco" for product "Nx-os" and version "14.1\(0.90\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9508 Search vendor "Cisco" for product "Nexus 9508" | - | - |
Safe
|