Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-1808

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Published

2019-05-15T23:29:01.010

Last Modified

2024-11-21T04:37:25.483

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-347
Type: Primary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	nx-os	< 8.1\(1a\)	Yes
Operating System	cisco	nx-os	< 8.3\(1\)	Yes
Hardware	cisco	mds_9706	-	No
Hardware	cisco	mds_9710	-	No
Hardware	cisco	mds_9718	-	No
Operating System	cisco	nx-os	< 7.3\(3\)d1\(1\)	Yes
Operating System	cisco	nx-os	< 8.2\(3\)	Yes
Hardware	cisco	7000_10-slot	-	No
Hardware	cisco	7000_18-slot	-	No
Hardware	cisco	7000_4-slot	-	No
Hardware	cisco	7000_9-slot	-	No
Hardware	cisco	7700_10-slot	-	No
Hardware	cisco	7700_18-slot	-	No
Hardware	cisco	7700_2-slot	-	No
Hardware	cisco	7700_6-slot	-	No
Hardware	cisco	n77-f312ck-26	-	No
Hardware	cisco	n77-f324fq-25	-	No
Hardware	cisco	n77-f348xp-23	-	No
Hardware	cisco	n77-f430cq-36	-	No
Hardware	cisco	n77-m312cq-26l	-	No
Hardware	cisco	n77-m324fq-25l	-	No
Hardware	cisco	n77-m348xp-23l	-	No
Hardware	cisco	n7k-f248xp-25e	-	No
Hardware	cisco	n7k-f306ck-25	-	No
Hardware	cisco	n7k-f312fq-25	-	No
Hardware	cisco	n7k-m202cf-22l	-	No
Hardware	cisco	n7k-m206fq-23l	-	No
Hardware	cisco	n7k-m224xp-23l	-	No
Hardware	cisco	n7k-m324fq-25l	-	No
Hardware	cisco	n7k-m348xp-25l	-	No
Hardware	cisco	nexus_7000_supervisor_1	-	No
Hardware	cisco	nexus_7000_supervisor_2	-	No
Hardware	cisco	nexus_7000_supervisor_2e	-	No
Hardware	cisco	nexus_7700_supervisor_2e	-	No
Hardware	cisco	nexus_7700_supervisor_3e	-	No

References

http://www.securityfocus.com/bid/108367 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/108367 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)