ID

VAR-201905-0248


CVE

CVE-2019-1733


TITLE

Cisco NX-OS Software cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2019-004602 // CNNVD: CNNVD-201905-647

DESCRIPTION

A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX-OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the NX-API Sandbox interface. An attacker could exploit this vulnerability by persuading a user of the NX-API Sandbox interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected NX-API Sandbox interface. Cisco NX-OS Software contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvj14814. Cisco NX-OS Software is data center-level operating system software used by a set of Cisco switches. The vulnerability stems from the lack of correct validation of client data in web applications. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode.

Trust: 1.98

sources: NVD: CVE-2019-1733 // JVNDB: JVNDB-2019-004602 // BID: 108348 // VULHUB: VHN-149565

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: lt, version: 7.0(3)i7(4)

Trust: 1.0

vendor: cisco, model: nx-os, scope: gte, version: 7.0(3)i7

Trust: 1.0

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nx-os 7.0 i7, scope: -, version: -

Trust: 0.3

vendor: cisco, model: nexus series switches in standalone nx-os mode, scope: eq, version: 90000

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 90000

Trust: 0.3

vendor: cisco, model: nexus platform switches, scope: eq, version: 35000

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 30000

Trust: 0.3

vendor: cisco, model: nx-os 7.0 i7, scope: ne, version: -

Trust: 0.3

sources: BID: 108348 // JVNDB: JVNDB-2019-004602 // NVD: CVE-2019-1733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1733
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1733
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1733
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-647
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149565
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1733
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149565
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1733
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-149565 // JVNDB: JVNDB-2019-004602 // CNNVD: CNNVD-201905-647 // NVD: CVE-2019-1733 // NVD: CVE-2019-1733

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-149565 // JVNDB: JVNDB-2019-004602 // NVD: CVE-2019-1733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-647

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-647

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004602

PATCH

title: cisco-sa-20190515-nxos-nxapi-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-nxapi-xss

Trust: 0.8

title: Cisco NX-OS Software Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92773

Trust: 0.6

sources: JVNDB: JVNDB-2019-004602 // CNNVD: CNNVD-201905-647

EXTERNAL IDS

db: NVD, id: CVE-2019-1733

Trust: 2.8

db: BID, id: 108348

Trust: 2.0

db: JVNDB, id: JVNDB-2019-004602

Trust: 0.8

db: CNNVD, id: CNNVD-201905-647

Trust: 0.7

db: AUSCERT, id: ESB-2019.1756.4

Trust: 0.6

db: AUSCERT, id: ESB-2019.1756.3

Trust: 0.6

db: VULHUB, id: VHN-149565

Trust: 0.1

sources: VULHUB: VHN-149565 // BID: 108348 // JVNDB: JVNDB-2019-004602 // CNNVD: CNNVD-201905-647 // NVD: CVE-2019-1733

REFERENCES

url:http://www.securityfocus.com/bid/108348

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1733

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1733

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1756.3/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-cross-site-scripting-via-nx-api-29332

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81106

Trust: 0.6

sources: VULHUB: VHN-149565 // BID: 108348 // JVNDB: JVNDB-2019-004602 // CNNVD: CNNVD-201905-647 // NVD: CVE-2019-1733

CREDITS

Cisco

Trust: 0.9

sources: BID: 108348 // CNNVD: CNNVD-201905-647

SOURCES

db: VULHUB, id: VHN-149565
db: BID, id: 108348
db: JVNDB, id: JVNDB-2019-004602
db: CNNVD, id: CNNVD-201905-647
db: NVD, id: CVE-2019-1733

LAST UPDATE DATE

2024-08-14T13:55:27.183000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-149565, date: 2019-10-09T00:00:00
db: BID, id: 108348, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004602, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-647, date: 2019-05-21T00:00:00
db: NVD, id: CVE-2019-1733, date: 2019-10-09T23:47:51.127

SOURCES RELEASE DATE

db: VULHUB, id: VHN-149565, date: 2019-05-15T00:00:00
db: BID, id: 108348, date: 2019-05-15T00:00:00
db: JVNDB, id: JVNDB-2019-004602, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-647, date: 2019-05-15T00:00:00
db: NVD, id: CVE-2019-1733, date: 2019-05-15T17:29:01.907