ID

VAR-201903-0551


CVE

CVE-2019-1607


TITLE

Cisco NX-OS Software command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-002417 // CNNVD: CNNVD-201903-161

DESCRIPTION

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Cisco NX-OS Software contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco NX-OS Software is a set of data center-level operating system software used by switches. This issue is being tracked by Cisco Bug ID and CSCvi01416

Trust: 2.52

sources: NVD: CVE-2019-1607 // JVNDB: JVNDB-2019-002417 // CNVD: CNVD-2020-47609 // BID: 107393 // VULHUB: VHN-148179

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-47609

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: gte, version: 6.2

Trust: 1.0

vendor: cisco, model: nx-os, scope: gte, version: 8.0

Trust: 1.0

vendor: cisco, model: nx-os, scope: lt, version: 6.2\(22\)

Trust: 1.0

vendor: cisco, model: nx-os, scope: lt, version: 8.2\(3\)

Trust: 1.0

vendor: cisco, model: nx-os, scope: gte, version: 7.2

Trust: 1.0

vendor: cisco, model: nx-os, scope: lt, version: 7.3\(3\)d1\(1\)

Trust: 1.0

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus series switches, scope: eq, version: 7700<6.2(22)

Trust: 0.6

vendor: cisco, model: nexus series switches <7.3 d1, scope: eq, version: 7700

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7700<8.2(3)

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7000<6.2(22)

Trust: 0.6

vendor: cisco, model: nexus series switches <7.3 d1, scope: eq, version: 7000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7000<8.2(3)

Trust: 0.6

vendor: cisco, model: nx-os, scope: eq, version: 8.3

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 8.2

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 8.1

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 8.0

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 7.3

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 7.2

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 6.2

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 77000

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 70000

Trust: 0.3

vendor: cisco, model: nx-os, scope: ne, version: 8.3(2)

Trust: 0.3

vendor: cisco, model: nx-os, scope: ne, version: 8.2(3)

Trust: 0.3

vendor: cisco, model: nx-os, scope: ne, version: 6.2(22)

Trust: 0.3

sources: CNVD: CNVD-2020-47609 // BID: 107393 // JVNDB: JVNDB-2019-002417 // NVD: CVE-2019-1607

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1607
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1607
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1607
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-47609
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-161
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148179
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1607
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-47609
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148179
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1607
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1607
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1607
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-47609 // VULHUB: VHN-148179 // JVNDB: JVNDB-2019-002417 // CNNVD: CNNVD-201903-161 // NVD: CVE-2019-1607 // NVD: CVE-2019-1607

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-88

Trust: 1.1

sources: VULHUB: VHN-148179 // JVNDB: JVNDB-2019-002417 // NVD: CVE-2019-1607

THREAT TYPE

local

Trust: 0.9

sources: BID: 107393 // CNNVD: CNNVD-201903-161

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-161

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002417

PATCH

title: cisco-sa-20190306-nxos-cmdinj-1607, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607

Trust: 0.8

title: Patch for Cisco NX-OS Software command injection vulnerability (CNVD-2020-47609), url: https://www.cnvd.org.cn/patchInfo/show/231493

Trust: 0.6

title: Cisco NX-OS Software Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89836

Trust: 0.6

sources: CNVD: CNVD-2020-47609 // JVNDB: JVNDB-2019-002417 // CNNVD: CNNVD-201903-161

EXTERNAL IDS

db: NVD, id: CVE-2019-1607

Trust: 3.4

db: BID, id: 107393

Trust: 2.0

db: JVNDB, id: JVNDB-2019-002417

Trust: 0.8

db: CNNVD, id: CNNVD-201903-161

Trust: 0.7

db: CNVD, id: CNVD-2020-47609

Trust: 0.6

db: AUSCERT, id: ESB-2019.0699.2

Trust: 0.6

db: NSFOCUS, id: 42880

Trust: 0.6

db: VULHUB, id: VHN-148179

Trust: 0.1

sources: CNVD: CNVD-2020-47609 // VULHUB: VHN-148179 // BID: 107393 // JVNDB: JVNDB-2019-002417 // CNNVD: CNNVD-201903-161 // NVD: CVE-2019-1607

REFERENCES

url:http://www.securityfocus.com/bid/107393

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-cmdinj-1607

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1607

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1607

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-cmdinj-

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76574

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681

Trust: 0.6

url:http://www.nsfocus.net/vulndb/42880

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2020-47609 // VULHUB: VHN-148179 // BID: 107393 // JVNDB: JVNDB-2019-002417 // CNNVD: CNNVD-201903-161 // NVD: CVE-2019-1607

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Trust: 0.6

sources: CNNVD: CNNVD-201903-161

SOURCES

db: CNVD, id: CNVD-2020-47609
db: VULHUB, id: VHN-148179
db: BID, id: 107393
db: JVNDB, id: JVNDB-2019-002417
db: CNNVD, id: CNNVD-201903-161
db: NVD, id: CVE-2019-1607

LAST UPDATE DATE

2024-08-14T13:26:50.464000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-47609, date: 2020-08-24T00:00:00
db: VULHUB, id: VHN-148179, date: 2020-10-05T00:00:00
db: BID, id: 107393, date: 2019-03-06T00:00:00
db: JVNDB, id: JVNDB-2019-002417, date: 2019-04-09T00:00:00
db: CNNVD, id: CNNVD-201903-161, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-1607, date: 2020-10-05T19:50:36.973

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-47609, date: 2019-08-26T00:00:00
db: VULHUB, id: VHN-148179, date: 2019-03-08T00:00:00
db: BID, id: 107393, date: 2019-03-06T00:00:00
db: JVNDB, id: JVNDB-2019-002417, date: 2019-04-09T00:00:00
db: CNNVD, id: CNNVD-201903-161, date: 2019-03-06T00:00:00
db: NVD, id: CVE-2019-1607, date: 2019-03-08T20:29:00.417