CVE-2019-1729

Cisco NX-OS Software Arbitrary File Overwrite Vulnerability

Severity Score

6.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability.

Una vulnerabilidad en la implementación de la CLI de un comando específico utilizado para el mantenimiento de imágenes del programa NX-OS de Cisco podría permitir que un atacante local identificado sobrescribiera cualquier archivo en el sistema de archivos, incluidos los archivos del sistema. Estos archivos sobrescritos por el atacante se realizan en el nivel de privilegio de tipo root. La vulnerabilidad se produce porque no hay comprobación de los parámetros de entrada del usuario ni comprobación de firma digital para los archivos de imagen cuando se usa un comando CLI específico. Un atacante podría explotar esta vulnerabilidad al identificarse en el dispositivo y emitir un comando en la CLI. Debido a que una vulnerabilidad podría permitir al atacante sobrescribir cualquier archivo en el disco, incluidos los archivos del sistema, podría ocurrir una condición de Denegación de Servicio (DoS). El atacante deber contar con credenciales de administrador válidas para que el dispositivo afectado ataque esta vulnerabilidad.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-05-15 CVE Published
2023-03-08 EPSS Updated
2024-11-20 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-347: Improper Verification of Cryptographic Signature

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/108378	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write	2020-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3000 Search vendor "Cisco" for product "Nexus 3000"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3100 Search vendor "Cisco" for product "Nexus 3100"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3100-z Search vendor "Cisco" for product "Nexus 3100-z"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3100v Search vendor "Cisco" for product "Nexus 3100v"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3200 Search vendor "Cisco" for product "Nexus 3200"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3400 Search vendor "Cisco" for product "Nexus 3400"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3500 Search vendor "Cisco" for product "Nexus 3500"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3524-x Search vendor "Cisco" for product "Nexus 3524-x"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3524-xl Search vendor "Cisco" for product "Nexus 3524-xl"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3548-x Search vendor "Cisco" for product "Nexus 3548-x"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3548-xl Search vendor "Cisco" for product "Nexus 3548-xl"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9000 Search vendor "Cisco" for product "Nexus 9000"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9200 Search vendor "Cisco" for product "Nexus 9200"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	< 7.0\(3\)i4\(9\) Search vendor "Cisco" for product "Nx-os" and version " < 7.0\(3\)i4\(9\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9300 Search vendor "Cisco" for product "Nexus 9300"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3000 Search vendor "Cisco" for product "Nexus 3000"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3100 Search vendor "Cisco" for product "Nexus 3100"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3100-z Search vendor "Cisco" for product "Nexus 3100-z"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3100v Search vendor "Cisco" for product "Nexus 3100v"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3200 Search vendor "Cisco" for product "Nexus 3200"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3400 Search vendor "Cisco" for product "Nexus 3400"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3500 Search vendor "Cisco" for product "Nexus 3500"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3524-x Search vendor "Cisco" for product "Nexus 3524-x"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3524-xl Search vendor "Cisco" for product "Nexus 3524-xl"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3548-x Search vendor "Cisco" for product "Nexus 3548-x"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3548-xl Search vendor "Cisco" for product "Nexus 3548-xl"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9000 Search vendor "Cisco" for product "Nexus 9000"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9200 Search vendor "Cisco" for product "Nexus 9200"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9300 Search vendor "Cisco" for product "Nexus 9300"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\) < 7.0\(3\)f3\(5\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\) < 7.0\(3\)f3\(5\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 36180yc-r Search vendor "Cisco" for product "Nexus 36180yc-r"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\) < 7.0\(3\)f3\(5\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\) < 7.0\(3\)f3\(5\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 3636c-r Search vendor "Cisco" for product "Nexus 3636c-r"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\) < 7.0\(3\)f3\(5\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\) < 7.0\(3\)f3\(5\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9504 Search vendor "Cisco" for product "Nexus 9504"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\) < 7.0\(3\)f3\(5\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\) < 7.0\(3\)f3\(5\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9508 Search vendor "Cisco" for product "Nexus 9508"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	>= 7.0\(3\) < 7.0\(3\)f3\(5\) Search vendor "Cisco" for product "Nx-os" and version " >= 7.0\(3\) < 7.0\(3\)f3\(5\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9516 Search vendor "Cisco" for product "Nexus 9516"	-	-	Safe