ID

VAR-201905-0243


CVE

CVE-2019-1729


TITLE

Cisco NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004599

DESCRIPTION

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability. Cisco NX-OS The software contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to an arbitrary file-overwrite vulnerability. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application. This issue is being tracked by Cisco Bug IDs CSCvh76022 and CSCvj03856. Cisco Nexus 3000 Series Switches are all products of Cisco (Cisco). Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco Nexus 3500 Platform Switches is a 3500 series platform switch. Cisco Nexus 3600 Platform Switches is a 3600 series platform switch. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform

Trust: 1.98

sources: NVD: CVE-2019-1729 // JVNDB: JVNDB-2019-004599 // BID: 108378 // VULHUB: VHN-149521

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i7

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i7\(4\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)f3\(5\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i4\(9\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-os software for nexus r-series switching platformscope:eqversion:95007.0(3)

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i7scope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i4scope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus platform switchesscope:eqversion:36007.0(3)

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus platform switches 7.0 i7scope:eqversion:3500

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus platform switches 7.0 i4scope:eqversion:3500

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i7scope:eqversion:3000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i4scope:eqversion:3000

Trust: 0.3

vendor:ciscomodel:nexus r-series switching platformscope:eqversion:95000

Trust: 0.3

vendor:ciscomodel:nexus series switches standalone nx-os modescope:eqversion:9000-0

Trust: 0.3

vendor:ciscomodel:nexus series switches 7.0 i7scope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:36000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:35000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus r-series switching platform 7.0 f3scope:neversion:9500

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i7scope:neversion:9000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i4scope:neversion:9000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus platform switches 7.0 f3scope:neversion:3600

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus platform switches 7.0 i7scope:neversion:3500

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus platform switches 7.0 i4scope:neversion:3500

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i7scope:neversion:3000

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series switches 7.0 i4scope:neversion:3000

Trust: 0.3

sources: BID: 108378 // JVNDB: JVNDB-2019-004599 // NVD: CVE-2019-1729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1729
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1729
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1729
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-643
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149521
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1729
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149521
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1729
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1729
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-1729
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149521 // JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643 // NVD: CVE-2019-1729 // NVD: CVE-2019-1729

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-347

Trust: 1.1

sources: VULHUB: VHN-149521 // JVNDB: JVNDB-2019-004599 // NVD: CVE-2019-1729

THREAT TYPE

local

Trust: 0.9

sources: BID: 108378 // CNNVD: CNNVD-201905-643

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-643

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004599

PATCH

title:cisco-sa-20190515-nxos-file-writeurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write

Trust: 0.8

title:Cisco NX-OS Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92769

Trust: 0.6

sources: JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643

EXTERNAL IDS

db:NVDid:CVE-2019-1729

Trust: 2.8

db:BIDid:108378

Trust: 2.0

db:JVNDBid:JVNDB-2019-004599

Trust: 0.8

db:CNNVDid:CNNVD-201905-643

Trust: 0.7

db:AUSCERTid:ESB-2019.1756.4

Trust: 0.6

db:AUSCERTid:ESB-2019.1756.3

Trust: 0.6

db:VULHUBid:VHN-149521

Trust: 0.1

sources: VULHUB: VHN-149521 // BID: 108378 // JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643 // NVD: CVE-2019-1729

REFERENCES

url:http://www.securityfocus.com/bid/108378

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1729

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1729

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1756.3/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-privilege-escalation-via-file-overwrite-29328

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81106

Trust: 0.6

sources: VULHUB: VHN-149521 // BID: 108378 // JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643 // NVD: CVE-2019-1729

CREDITS

Cisco

Trust: 0.9

sources: BID: 108378 // CNNVD: CNNVD-201905-643

SOURCES

db:VULHUBid:VHN-149521
db:BIDid:108378
db:JVNDBid:JVNDB-2019-004599
db:CNNVDid:CNNVD-201905-643
db:NVDid:CVE-2019-1729

LAST UPDATE DATE

2024-08-14T13:55:27.089000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149521date:2020-10-09T00:00:00
db:BIDid:108378date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004599date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-643date:2020-10-28T00:00:00
db:NVDid:CVE-2019-1729date:2020-10-09T17:11:59.097

SOURCES RELEASE DATE

db:VULHUBid:VHN-149521date:2019-05-15T00:00:00
db:BIDid:108378date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004599date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-643date:2019-05-15T00:00:00
db:NVDid:CVE-2019-1729date:2019-05-15T17:29:01.657