ID

VAR-201905-0240


CVE

CVE-2019-1726


TITLE

Cisco NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004534

DESCRIPTION

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability. Cisco NX-OS Software contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco NX-OS Software is a data center-level operating system used by switches. A local security bypass vulnerability exists in Cisco NX-OS Software. This may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCvh24771, CSCvi99247, CSCvi99248, CSCvi99250, CSCvi99251, CSCvi99252 and CSCvn11851.

Trust: 2.52

sources: NVD: CVE-2019-1726 // JVNDB: JVNDB-2019-004534 // CNVD: CNVD-2019-24160 // BID: 108409 // VULHUB: VHN-149488

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-24160

AFFECTED PRODUCTS

vendor: cisco model: nx-os scope: lt version: 7.0(3)i7(3)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 7.3(3)d1(1)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 8.3(2)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 6.0(2)a8(11)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.0(3)i7

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.3

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.0(3)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 5.2

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 6.2(22)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 7.3(4)n1(1)

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 4.0(1d)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 8.0

Trust: 1.0

vendor: cisco model: nx-os scope: lt version: 6.2(25)

Trust: 1.0

vendor: cisco model: nx-os scope: gte version: 7.2

Trust: 1.0

vendor: cisco model: nx-os scope: - version: -

Trust: 0.8

vendor: cisco model: nx-os software scope: - version: -

Trust: 0.6

vendor: cisco model: ucs series fabric interconnects scope: eq version: 64000

Trust: 0.3

vendor: cisco model: ucs series fabric interconnects scope: eq version: 63000

Trust: 0.3

vendor: cisco model: ucs series fabric interconnects scope: eq version: 62000

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 8.3

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 8.2

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 8.1

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 8.0

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 7.3

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 7.2

Trust: 0.3

vendor: cisco model: nx-os 7.0 i7 scope: - version: -

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 7.0(3)

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 6.2

Trust: 0.3

vendor: cisco model: nx-os 6.0 a8 scope: - version: -

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 5.2

Trust: 0.3

vendor: cisco model: nx-os scope: eq version: 4.0

Trust: 0.3

vendor: cisco model: nexus r-series switching platform scope: eq version: 95000

Trust: 0.3

vendor: cisco model: nexus series switches standalone nx-os mode scope: eq version: 9000-0

Trust: 0.3

vendor: cisco model: nexus series switches scope: eq version: 77000

Trust: 0.3

vendor: cisco model: nexus series switches scope: eq version: 70000

Trust: 0.3

vendor: cisco model: nexus series switches scope: eq version: 60000

Trust: 0.3

vendor: cisco model: nexus platform switches scope: eq version: 56000

Trust: 0.3

vendor: cisco model: nexus platform switches scope: eq version: 55000

Trust: 0.3

vendor: cisco model: nexus platform switches scope: eq version: 36000

Trust: 0.3

vendor: cisco model: nexus platform switches scope: eq version: 35000

Trust: 0.3

vendor: cisco model: nexus series switches scope: eq version: 30000

Trust: 0.3

vendor: cisco model: mds series multilayer switches scope: eq version: 90000

Trust: 0.3

vendor: cisco model: nx-os scope: ne version: 9.2(1)

Trust: 0.3

vendor: cisco model: nx-os scope: ne version: 8.3(2)

Trust: 0.3

vendor: cisco model: nx-os 7.3 n1 scope: ne version: -

Trust: 0.3

vendor: cisco model: nx-os 7.3 d1 scope: ne version: -

Trust: 0.3

vendor: cisco model: nx-os 7.0 i7 scope: ne version: -

Trust: 0.3

vendor: cisco model: nx-os scope: ne version: 6.2(25)

Trust: 0.3

vendor: cisco model: nx-os scope: ne version: 6.2(22)

Trust: 0.3

vendor: cisco model: nx-os 6.0 a8 scope: ne version: -

Trust: 0.3

vendor: cisco model: nx-os 4.0 scope: ne version: -

Trust: 0.3

sources: CNVD: CNVD-2019-24160 // BID: 108409 // JVNDB: JVNDB-2019-004534 // NVD: CVE-2019-1726

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1726
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1726
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1726
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-24160
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201905-640
value: HIGH

Trust: 0.6

VULHUB: VHN-149488
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1726
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-24160
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-149488
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1726
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1726
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1726
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-24160 // VULHUB: VHN-149488 // JVNDB: JVNDB-2019-004534 // CNNVD: CNNVD-201905-640 // NVD: CVE-2019-1726 // NVD: CVE-2019-1726

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-149488 // JVNDB: JVNDB-2019-004534 // NVD: CVE-2019-1726

THREAT TYPE

local

Trust: 0.9

sources: BID: 108409 // CNNVD: CNNVD-201905-640

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-640

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004534

PATCH

title: cisco-sa-20190515-nxos-cli-bypass url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass

Trust: 0.8

title: Cisco NX-OS Software Local Security Bypass Vulnerability Patch url: https://www.cnvd.org.cn/patchInfo/show/163901

Trust: 0.6

title: Cisco NX-OS Software Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92766

Trust: 0.6

sources: CNVD: CNVD-2019-24160 // JVNDB: JVNDB-2019-004534 // CNNVD: CNNVD-201905-640

EXTERNAL IDS

db: NVD id: CVE-2019-1726

Trust: 3.4

db: BID id: 108409

Trust: 2.0

db: JVNDB id: JVNDB-2019-004534

Trust: 0.8

db: CNNVD id: CNNVD-201905-640

Trust: 0.7

db: CNVD id: CNVD-2019-24160

Trust: 0.6

db: AUSCERT id: ESB-2019.1756.4

Trust: 0.6

db: AUSCERT id: ESB-2019.1756.3

Trust: 0.6

db: VULHUB id: VHN-149488

Trust: 0.1

sources: CNVD: CNVD-2019-24160 // VULHUB: VHN-149488 // BID: 108409 // JVNDB: JVNDB-2019-004534 // CNNVD: CNNVD-201905-640 // NVD: CVE-2019-1726

REFERENCES

url:http://www.securityfocus.com/bid/108409

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1726

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1726

Trust: 0.8

url:https://web.nvd.nist.gov//vuln/detail/cve-2019-1726

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1756.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81106

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-privilege-escalation-via-the-shell-29325

Trust: 0.6

sources: CNVD: CNVD-2019-24160 // VULHUB: VHN-149488 // BID: 108409 // JVNDB: JVNDB-2019-004534 // CNNVD: CNNVD-201905-640 // NVD: CVE-2019-1726

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108409 // CNNVD: CNNVD-201905-640

SOURCES

db: CNVD id: CNVD-2019-24160
db: VULHUB id: VHN-149488
db: BID id: 108409
db: JVNDB id: JVNDB-2019-004534
db: CNNVD id: CNNVD-201905-640
db: NVD id: CVE-2019-1726

LAST UPDATE DATE

2024-11-23T21:37:18.552000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2019-24160 date: 2019-07-29T00:00:00
db: VULHUB id: VHN-149488 date: 2020-10-09T00:00:00
db: BID id: 108409 date: 2019-05-15T00:00:00
db: JVNDB id: JVNDB-2019-004534 date: 2019-06-04T00:00:00
db: CNNVD id: CNNVD-201905-640 date: 2021-05-20T00:00:00
db: NVD id: CVE-2019-1726 date: 2024-11-21T04:37:11.267

SOURCES RELEASE DATE

db: CNVD id: CNVD-2019-24160 date: 2019-06-19T00:00:00
db: VULHUB id: VHN-149488 date: 2019-05-15T00:00:00
db: BID id: 108409 date: 2019-05-15T00:00:00
db: JVNDB id: JVNDB-2019-004534 date: 2019-06-04T00:00:00
db: CNNVD id: CNNVD-201905-640 date: 2019-05-15T00:00:00
db: NVD id: CVE-2019-1726 date: 2019-05-15T17:29:01.467