Details of VAR-201903-0555

ID

VAR-201903-0555

CVE

CVE-2019-1600

TITLE

Cisco FXOS and NX-OS Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-002447

DESCRIPTION

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). This issue being tracked by Cisco Bug IDs CSCvh75886, CSCvh75949, CSCvi96549, CSCvi96551, CSCvi96554, CSCvi96559

Trust: 2.25

sources: NVD: CVE-2019-1600 // JVNDB: JVNDB-2019-002447 // BID: 107399 // BID: 107404 // VULHUB: VHN-148102

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.3.1.110	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)f3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i5	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.3\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	lt	version:	2.2.2.91	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)f3\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.0\(2\)a8\(10\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.3\(3\)d1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)f1	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	gte	version:	1.1	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i4\(9\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.1\(5\)n1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(22\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	5.2.	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.2\(25\)	Trust: 1.0
vendor:	cisco	model:	firepower extensible operating system	scope:	gte	version:	2.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	fx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.3	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.1	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 i6	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 i5	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 f3	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 f2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 f1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0(3)	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2	Trust: 0.6
vendor:	cisco	model:	nx-os 6.0 a8	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2	Trust: 0.6
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	95000	Trust: 0.6
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	60000	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	56000	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	55000	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	36000	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.6
vendor:	cisco	model:	nexus series fabric extenders	scope:	eq	version:	20000	Trust: 0.6
vendor:	cisco	model:	mds series multilayer switches	scope:	eq	version:	90000	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	ne	version:	8.3(2)	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	ne	version:	8.2(3)	Trust: 0.6
vendor:	cisco	model:	nx-os 7.3 n1	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.1 n1	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os 7.0 f3	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(27)	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	ne	version:	6.2(22)	Trust: 0.6
vendor:	cisco	model:	nx-os 6.0 a8	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	fxos	scope:	ne	version:	2.4.1.222	Trust: 0.6
vendor:	cisco	model:	fxos	scope:	ne	version:	2.3.1.110	Trust: 0.6
vendor:	cisco	model:	fxos	scope:	ne	version:	2.2.2.91	Trust: 0.6
vendor:	cisco	model:	fxos	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	fxos	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	firepower security appliance	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series next-generation firewall	scope:	eq	version:	41000	Trust: 0.3

sources: BID: 107399 // BID: 107404 // JVNDB: JVNDB-2019-002447 // NVD: CVE-2019-1600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1600
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1600
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1600
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-185
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-148102
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-1600
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148102
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1600
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1600
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1600
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-148102 // JVNDB: JVNDB-2019-002447 // CNNVD: CNNVD-201903-185 // NVD: CVE-2019-1600 // NVD: CVE-2019-1600

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-148102 // JVNDB: JVNDB-2019-002447 // NVD: CVE-2019-1600

THREAT TYPE

local

Trust: 1.2

sources: BID: 107399 // BID: 107404 // CNNVD: CNNVD-201903-185

TYPE

Access Validation Error

Trust: 0.6

sources: BID: 107399 // BID: 107404

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002447

PATCH

title:	cisco-sa-20190306-nxos-directory	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory	Trust: 0.8
title:	Cisco FXOS Software and Cisco NX-OS Software Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89856	Trust: 0.6

sources: JVNDB: JVNDB-2019-002447 // CNNVD: CNNVD-201903-185

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1600	Trust: 3.1
db:	BID	id:	107399	Trust: 2.0
db:	BID	id:	107404	Trust: 1.4
db:	JVNDB	id:	JVNDB-2019-002447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-185	Trust: 0.7
db:	VULHUB	id:	VHN-148102	Trust: 0.1

sources: VULHUB: VHN-148102 // BID: 107399 // BID: 107404 // JVNDB: JVNDB-2019-002447 // CNNVD: CNNVD-201903-185 // NVD: CVE-2019-1600

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-directory	Trust: 2.6
url:	http://www.securityfocus.com/bid/107399	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1600	Trust: 1.4
url:	http://www.cisco.com/en/us/products/ps9494/products_sub_category_home.html	Trust: 1.2
url:	http://www.securityfocus.com/bid/107404	Trust: 1.1
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-file-access	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1600	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681	Trust: 0.6

sources: VULHUB: VHN-148102 // BID: 107399 // BID: 107404 // JVNDB: JVNDB-2019-002447 // CNNVD: CNNVD-201903-185 // NVD: CVE-2019-1600

CREDITS

Cisco

Trust: 1.2

sources: BID: 107399 // BID: 107404 // CNNVD: CNNVD-201903-185

SOURCES

db:	VULHUB	id:	VHN-148102
db:	BID	id:	107399
db:	BID	id:	107404
db:	JVNDB	id:	JVNDB-2019-002447
db:	CNNVD	id:	CNNVD-201903-185
db:	NVD	id:	CVE-2019-1600

LAST UPDATE DATE

2024-11-23T22:06:18.650000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148102	date:	2022-05-10T00:00:00
db:	BID	id:	107399	date:	2019-03-06T00:00:00
db:	BID	id:	107404	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002447	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-185	date:	2019-04-17T00:00:00
db:	NVD	id:	CVE-2019-1600	date:	2024-11-21T04:36:53.833

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148102	date:	2019-03-07T00:00:00
db:	BID	id:	107399	date:	2019-03-06T00:00:00
db:	BID	id:	107404	date:	2019-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2019-002447	date:	2019-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-185	date:	2019-03-06T00:00:00
db:	NVD	id:	CVE-2019-1600	date:	2019-03-07T20:29:00.343