Sign-up

ID

VAR-201903-0552


CVE

CVE-2019-1608


TITLE

Cisco NX-OS Software command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-002420 // CNNVD: CNNVD-201903-156

DESCRIPTION

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Cisco NX-OS The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is a suite of data center-level operating system software for switches. This issue being tracked by Cisco Bug ID CSCvi01422

Trust: 2.52

sources: NVD: CVE-2019-1608 // JVNDB: JVNDB-2019-002420 // CNVD: CNVD-2019-42590 // BID: 107386 // VULHUB: VHN-148190

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-42590

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:ltversion:6.2\(27\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.2\(3\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.3

Trust: 1.0

vendor:ciscomodel:nx-osscope:gtversion:8.0

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:5.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:6.2\(22\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.3\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.1\(1b\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gtversion:7.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:8.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.3\(3\)d1\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchesscope:eqversion:70000

Trust: 0.6

vendor:ciscomodel:mds series multilayer switchesscope:eqversion:9000<6.2(27)

Trust: 0.6

vendor:ciscomodel:mds series multilayer switches <8.1scope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:mds series multilayer switchesscope:eqversion:9000<8.3(1)

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7700<6.2(22)

Trust: 0.6

vendor:ciscomodel:nexus series switches <7.3 d1scope:eqversion:7700

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7700<8.2(3)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:8.3

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:8.2

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:8.1

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:7.3

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:5.2

Trust: 0.3

vendor:ciscomodel:nexus r-series line cards and fabric modulesscope:eqversion:95000

Trust: 0.3

vendor:ciscomodel:nexus series switches in standalone nx-os modescope:eqversion:90000

Trust: 0.3

vendor:ciscomodel:nexus series fabric switches aci modescope:eqversion:9000-0

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:8.3(2)

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:8.2(3)

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:6.2(27)

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:6.2(22)

Trust: 0.3

sources: CNVD: CNVD-2019-42590 // BID: 107386 // JVNDB: JVNDB-2019-002420 // NVD: CVE-2019-1608

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1608
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1608
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1608
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-42590
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-156
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148190
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1608
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-42590
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148190
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1608
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1608
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1608
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-42590 // VULHUB: VHN-148190 // JVNDB: JVNDB-2019-002420 // CNNVD: CNNVD-201903-156 // NVD: CVE-2019-1608 // NVD: CVE-2019-1608

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-88

Trust: 1.1

sources: VULHUB: VHN-148190 // JVNDB: JVNDB-2019-002420 // NVD: CVE-2019-1608

THREAT TYPE

local

Trust: 0.9

sources: BID: 107386 // CNNVD: CNNVD-201903-156

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002420

PATCH
title:cisco-sa-20190306-nxos-cmdinj-1608url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608
Trust: 0.8
title:Patch for Cisco NX-OS Software CLI command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/192267
Trust: 0.6
title:Cisco NX-OS Software Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89832
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-42590 // 
            
            
            
            JVNDB: JVNDB-2019-002420 // 
            
            
            
            CNNVD: CNNVD-201903-156

EXTERNAL IDS
db:NVDid:CVE-2019-1608
Trust: 3.4
db:BIDid:107386
Trust: 2.6
db:JVNDBid:JVNDB-2019-002420
Trust: 0.8
db:CNNVDid:CNNVD-201903-156
Trust: 0.7
db:CNVDid:CNVD-2019-42590
Trust: 0.6
db:AUSCERTid:ESB-2019.0699.2
Trust: 0.6
db:NSFOCUSid:42885
Trust: 0.6
db:VULHUBid:VHN-148190
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-42590 // 
            
            
            
            VULHUB: VHN-148190 // 
            
            
            
            BID: 107386 // 
            
            
            
            JVNDB: JVNDB-2019-002420 // 
            
            
            
            CNNVD: CNNVD-201903-156 // 
            
            
            
            NVD: CVE-2019-1608

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-cmdinj-1608
Trust: 3.2
url:http://www.securityfocus.com/bid/107386
Trust: 2.9
url:https://nvd.nist.gov/vuln/detail/cve-2019-1608
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1608
Trust: 0.8
url:https://www.auscert.org.au/bulletins/76574
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42885
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps9494/products_sub_category_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2019-42590 // 
            
            
            
            VULHUB: VHN-148190 // 
            
            
            
            BID: 107386 // 
            
            
            
            JVNDB: JVNDB-2019-002420 // 
            
            
            
            CNNVD: CNNVD-201903-156 // 
            
            
            
            NVD: CVE-2019-1608

CREDITS
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.,vendor ?? ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-156

SOURCES
db:CNVDid:CNVD-2019-42590
db:VULHUBid:VHN-148190
db:BIDid:107386
db:JVNDBid:JVNDB-2019-002420
db:CNNVDid:CNNVD-201903-156
db:NVDid:CVE-2019-1608

LAST UPDATE DATE
2024-08-14T13:26:50.543000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-42590date:2019-11-28T00:00:00
db:VULHUBid:VHN-148190date:2020-10-05T00:00:00
db:BIDid:107386date:2019-03-06T00:00:00
db:JVNDBid:JVNDB-2019-002420date:2019-04-09T00:00:00
db:CNNVDid:CNNVD-201903-156date:2020-10-09T00:00:00
db:NVDid:CVE-2019-1608date:2020-10-05T19:51:30.850

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-42590date:2019-11-28T00:00:00
db:VULHUBid:VHN-148190date:2019-03-08T00:00:00
db:BIDid:107386date:2019-03-06T00:00:00
db:JVNDBid:JVNDB-2019-002420date:2019-04-09T00:00:00
db:CNNVDid:CNNVD-201903-156date:2019-03-06T00:00:00
db:NVDid:CVE-2019-1608date:2019-03-08T20:29:00.450