Details of VAR-201905-0243

ID

VAR-201905-0243

CVE

CVE-2019-1729

TITLE

Cisco NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004599

DESCRIPTION

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability. Cisco NX-OS The software contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to an arbitrary file-overwrite vulnerability. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application. This issue is being tracked by Cisco Bug IDs CSCvh76022 and CSCvj03856. Cisco Nexus 3000 Series Switches are all products of Cisco (Cisco). Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco Nexus 3500 Platform Switches is a 3500 series platform switch. Cisco Nexus 3600 Platform Switches is a 3600 series platform switch. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform

Trust: 1.98

sources: NVD: CVE-2019-1729 // JVNDB: JVNDB-2019-004599 // BID: 108378 // VULHUB: VHN-149521

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i7	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)f3\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i4\(9\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os software for nexus r-series switching platform	scope:	eq	version:	95007.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i7	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i4	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus platform switches	scope:	eq	version:	36007.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus platform switches 7.0 i7	scope:	eq	version:	3500	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus platform switches 7.0 i4	scope:	eq	version:	3500	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i7	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i4	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	nexus r-series switching platform	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.0 i7	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	36000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus r-series switching platform 7.0 f3	scope:	ne	version:	9500	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i7	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i4	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus platform switches 7.0 f3	scope:	ne	version:	3600	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus platform switches 7.0 i7	scope:	ne	version:	3500	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus platform switches 7.0 i4	scope:	ne	version:	3500	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i7	scope:	ne	version:	3000	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series switches 7.0 i4	scope:	ne	version:	3000	Trust: 0.3

sources: BID: 108378 // JVNDB: JVNDB-2019-004599 // NVD: CVE-2019-1729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1729
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1729
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1729
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-643
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-149521
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1729
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-149521
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1729
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1729
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1729
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-149521 // JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643 // NVD: CVE-2019-1729 // NVD: CVE-2019-1729

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-347	Trust: 1.1

sources: VULHUB: VHN-149521 // JVNDB: JVNDB-2019-004599 // NVD: CVE-2019-1729

THREAT TYPE

local

Trust: 0.9

sources: BID: 108378 // CNNVD: CNNVD-201905-643

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-643

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004599

PATCH

title:	cisco-sa-20190515-nxos-file-write	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-file-write	Trust: 0.8
title:	Cisco NX-OS Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92769	Trust: 0.6

sources: JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1729	Trust: 2.8
db:	BID	id:	108378	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004599	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-643	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1756.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1756.3	Trust: 0.6
db:	VULHUB	id:	VHN-149521	Trust: 0.1

sources: VULHUB: VHN-149521 // BID: 108378 // JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643 // NVD: CVE-2019-1729

REFERENCES

url:	http://www.securityfocus.com/bid/108378	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1729	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1729	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1756.3/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-privilege-escalation-via-file-overwrite-29328	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81106	Trust: 0.6

sources: VULHUB: VHN-149521 // BID: 108378 // JVNDB: JVNDB-2019-004599 // CNNVD: CNNVD-201905-643 // NVD: CVE-2019-1729

CREDITS

Cisco

Trust: 0.9

sources: BID: 108378 // CNNVD: CNNVD-201905-643

SOURCES

db:	VULHUB	id:	VHN-149521
db:	BID	id:	108378
db:	JVNDB	id:	JVNDB-2019-004599
db:	CNNVD	id:	CNNVD-201905-643
db:	NVD	id:	CVE-2019-1729

LAST UPDATE DATE

2024-08-14T13:55:27.089000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149521	date:	2020-10-09T00:00:00
db:	BID	id:	108378	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004599	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-643	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2019-1729	date:	2020-10-09T17:11:59.097

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149521	date:	2019-05-15T00:00:00
db:	BID	id:	108378	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004599	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-643	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1729	date:	2019-05-15T17:29:01.657