CVE-2019-1803

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.

Una vulnerabilidad en la administración del sistema de archivos para el programa Cisco Nexus 9000 Series Application Centric Infrastructure (ACI), podría permitir a un atacante local autorizado con derechos de administrador conseguir privilegios elevados como usuario tipo root en un dispositivo afectado. La vulnerabilidad se debe a los permisos de archivos excesivamente flexibles de archivos específicos del sistema. Un atacante podría aprovechar esta vulnerabilidad al identificarse en un dispositivo afectado, crear una cadena de comandos creada y escribir esta cadena en una ubicación específica del archivo. Una operación exito podría permitir al atacante ejecutar comandos de sistema operativo arbitrarios tipo root en un dispositivo afectado. El atacante debería tener credenciales de administrador válidas para el dispositivo.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-05-03 CVE Published
2023-03-08 EPSS Updated
2024-11-20 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls
CWE-732: Incorrect Permission Assignment for Critical Resource

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-rpe	2020-10-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93108tc-ex Search vendor "Cisco" for product "Nexus 93108tc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93120tx Search vendor "Cisco" for product "Nexus 93120tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93128tx Search vendor "Cisco" for product "Nexus 93128tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180lc-ex Search vendor "Cisco" for product "Nexus 93180lc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180tc-ex Search vendor "Cisco" for product "Nexus 93180tc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-ex Search vendor "Cisco" for product "Nexus 93180yc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-fx Search vendor "Cisco" for product "Nexus 93180yc-fx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9332pq Search vendor "Cisco" for product "Nexus 9332pq"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9336c-fx2 Search vendor "Cisco" for product "Nexus 9336c-fx2"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9336pq Aci Spine Search vendor "Cisco" for product "Nexus 9336pq Aci Spine"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9348gc-fxp Search vendor "Cisco" for product "Nexus 9348gc-fxp"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9364c Search vendor "Cisco" for product "Nexus 9364c"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372px Search vendor "Cisco" for product "Nexus 9372px"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372px-e Search vendor "Cisco" for product "Nexus 9372px-e"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372tx Search vendor "Cisco" for product "Nexus 9372tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372tx-e Search vendor "Cisco" for product "Nexus 9372tx-e"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9396px Search vendor "Cisco" for product "Nexus 9396px"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9396tx Search vendor "Cisco" for product "Nexus 9396tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9504 Search vendor "Cisco" for product "Nexus 9504"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9508 Search vendor "Cisco" for product "Nexus 9508"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9000 Series Application Centric Infrastructure Search vendor "Cisco" for product "Nexus 9000 Series Application Centric Infrastructure"	-	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9516 Search vendor "Cisco" for product "Nexus 9516"	-	-	Safe