Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1605

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note: The NX-API feature is disabled by default. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.1(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(8). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(2)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 7.3(3)D1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Published

2019-03-08T20:29:00.340

Last Modified

2024-11-21T04:36:54.603

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco nx-os < 8.1\(1\) Yes
Hardware cisco mds_9000 - No
Operating System cisco nx-os < 6.0\(2\)a8\(8\) Yes
Hardware cisco nexus_3500 - No
Operating System cisco nx-os < 7.0\(3\)i7\(1\) Yes
Hardware cisco nexus_3000 - No
Operating System cisco nx-os < 7.0\(3\)f3\(5\) Yes
Hardware cisco nexus_3600 - No
Operating System cisco nx-os < 7.3\(3\)d1\(1\) Yes
Hardware cisco nexus_7000 - No
Hardware cisco nexus_7700 - No
Operating System cisco nx-os < 7.0\(3\)i4\(8\) Yes
Operating System cisco nx-os < 7.0\(3\)i7\(1\) Yes
Hardware cisco nexus_9000 - No
Operating System cisco nx-os < 7.0\(3\)f3\(5\) Yes
Hardware cisco nexus_9500 - No
Operating System cisco nx-os < 7.0\(3\)i4\(8\) Yes
Hardware cisco nexus_3000 - No
Operating System cisco nx-os < 7.0\(3\)i4\(8\) Yes
Hardware cisco nexus_9000 - No
Operating System cisco nx-os < 7.3\(2\)n1\(1\) Yes
Hardware cisco nexus_2000 - No
Hardware cisco nexus_5500 - No
Hardware cisco nexus_5600 - No
Hardware cisco nexus_6000 - No
References