Details of VAR-201903-0541

ID

VAR-201903-0541

CVE

CVE-2019-1603

TITLE

Cisco NX-OS Authorization vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-002446

DESCRIPTION

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). Cisco NX-OS There is an authorization vulnerability in the software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is a set of data center-level operating system software used by switches. The CLI in Cisco NX-OS Software has security holes. This issue is being tracked by Cisco Bug ID CSCvh24810 and CSCvj00330

Trust: 2.52

sources: NVD: CVE-2019-1603 // JVNDB: JVNDB-2019-002446 // CNVD: CNVD-2020-47608 // BID: 107328 // VULHUB: VHN-148135

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-47608

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)f3\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus series switches <7.0 i7	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	nexus platform switches <7.0 i7	scope:	eq	version:	3500	Trust: 0.6
vendor:	cisco	model:	nexus platform switches <7.0 f3	scope:	eq	version:	3600	Trust: 0.6
vendor:	cisco	model:	nexus series switches-standalone <7.0 i7	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	nexus r-series line cards and fabric modules <7.0 f3	scope:	eq	version:	9500	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	36000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	9.2(2)	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 6.0 a8	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2020-47608 // BID: 107328 // JVNDB: JVNDB-2019-002446 // NVD: CVE-2019-1603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1603
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1603
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1603
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-47608
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201903-176
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148135
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1603
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-47608
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-148135
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1603
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1603
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2020-47608 // VULHUB: VHN-148135 // JVNDB: JVNDB-2019-002446 // CNNVD: CNNVD-201903-176 // NVD: CVE-2019-1603 // NVD: CVE-2019-1603

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.9
problemtype:	CWE-863	Trust: 1.1

sources: VULHUB: VHN-148135 // JVNDB: JVNDB-2019-002446 // NVD: CVE-2019-1603

THREAT TYPE

local

Trust: 0.9

sources: BID: 107328 // CNNVD: CNNVD-201903-176

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201903-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002446

PATCH

title:	cisco-sa-20190306-nxos-privesc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc	Trust: 0.8
title:	Patch for Cisco NX-OS Software authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/231490	Trust: 0.6
title:	Cisco NX-OS Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89849	Trust: 0.6

sources: CNVD: CNVD-2020-47608 // JVNDB: JVNDB-2019-002446 // CNNVD: CNNVD-201903-176

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1603	Trust: 3.4
db:	BID	id:	107328	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-002446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-176	Trust: 0.7
db:	CNVD	id:	CNVD-2020-47608	Trust: 0.6
db:	NSFOCUS	id:	42879	Trust: 0.6
db:	VULHUB	id:	VHN-148135	Trust: 0.1

sources: CNVD: CNVD-2020-47608 // VULHUB: VHN-148135 // BID: 107328 // JVNDB: JVNDB-2019-002446 // CNNVD: CNNVD-201903-176 // NVD: CVE-2019-1603

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-privesc	Trust: 2.6
url:	http://www.securityfocus.com/bid/107328	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1603	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1603	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/42879	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2020-47608 // VULHUB: VHN-148135 // BID: 107328 // JVNDB: JVNDB-2019-002446 // CNNVD: CNNVD-201903-176 // NVD: CVE-2019-1603

CREDITS

Cisco,vendor ?? ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-176

SOURCES

db:	CNVD	id:	CNVD-2020-47608
db:	VULHUB	id:	VHN-148135
db:	BID	id:	107328
db:	JVNDB	id:	JVNDB-2019-002446
db:	CNNVD	id:	CNNVD-201903-176
db:	NVD	id:	CVE-2019-1603

LAST UPDATE DATE

2024-08-14T15:07:43.854000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-47608	date:	2020-08-24T00:00:00
db:	VULHUB	id:	VHN-148135	date:	2020-10-08T00:00:00
db:	BID	id:	107328	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002446	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-176	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-1603	date:	2020-10-08T19:56:59.803

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-47608	date:	2019-08-26T00:00:00
db:	VULHUB	id:	VHN-148135	date:	2019-03-08T00:00:00
db:	BID	id:	107328	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002446	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-176	date:	2019-03-06T00:00:00
db:	NVD	id:	CVE-2019-1603	date:	2019-03-08T19:29:00.360