ID

VAR-201905-0249


CVE

CVE-2019-1730


TITLE

Cisco NX-OS Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004600

DESCRIPTION

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account. Cisco NX-OS The software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS System Software is prone to a local security-bypass vulnerability. This may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCvh76090, CSCvj01472, CSCvj01497 . The implementation of the Bash shell in Cisco NX-OS Software is vulnerable to permission and access control issues. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Platform

Trust: 1.98

sources: NVD: CVE-2019-1730 // JVNDB: JVNDB-2019-004600 // BID: 108397 // VULHUB: VHN-149532

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)f3\(5\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.3\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i7

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i4

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i7\(4\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:8.1

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i4\(9\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:8.3

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:8.2

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:8.1

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i7scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i4scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:7.0(3)

Trust: 0.3

vendor:ciscomodel:nexus r-series switching platformscope:eqversion:95000

Trust: 0.3

vendor:ciscomodel:nexus series switches standalone nx-os modescope:eqversion:9000-0

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:77000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:70000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:36000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:35000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:8.3(1)

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:8.2(3)

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i7scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 i4scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 7.0 f3scope:neversion: -

Trust: 0.3

sources: BID: 108397 // JVNDB: JVNDB-2019-004600 // NVD: CVE-2019-1730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1730
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1730
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1730
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-644
value: MEDIUM

Trust: 0.6

VULHUB: VHN-149532
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1730
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-149532
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1730
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1730
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2019-1730
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-149532 // JVNDB: JVNDB-2019-004600 // CNNVD: CNNVD-201905-644 // NVD: CVE-2019-1730 // NVD: CVE-2019-1730

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-149532 // JVNDB: JVNDB-2019-004600 // NVD: CVE-2019-1730

THREAT TYPE

local

Trust: 0.9

sources: BID: 108397 // CNNVD: CNNVD-201905-644

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201905-644

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004600

PATCH

title:cisco-sa-20190515-nxos-bash-bypassurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-bash-bypass

Trust: 0.8

title:Cisco NX-OS Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92770

Trust: 0.6

sources: JVNDB: JVNDB-2019-004600 // CNNVD: CNNVD-201905-644

EXTERNAL IDS

db:NVDid:CVE-2019-1730

Trust: 2.8

db:BIDid:108397

Trust: 2.0

db:JVNDBid:JVNDB-2019-004600

Trust: 0.8

db:CNNVDid:CNNVD-201905-644

Trust: 0.7

db:AUSCERTid:ESB-2019.1756.3

Trust: 0.6

db:AUSCERTid:ESB-2019.1756.4

Trust: 0.6

db:VULHUBid:VHN-149532

Trust: 0.1

sources: VULHUB: VHN-149532 // BID: 108397 // JVNDB: JVNDB-2019-004600 // CNNVD: CNNVD-201905-644 // NVD: CVE-2019-1730

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass

Trust: 2.6

url:http://www.securityfocus.com/bid/108397

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-1730

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1730

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-privilege-escalation-via-a-restricted-bash-29329

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1756.3/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81106

Trust: 0.6

sources: VULHUB: VHN-149532 // BID: 108397 // JVNDB: JVNDB-2019-004600 // CNNVD: CNNVD-201905-644 // NVD: CVE-2019-1730

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 108397

SOURCES

db:VULHUBid:VHN-149532
db:BIDid:108397
db:JVNDBid:JVNDB-2019-004600
db:CNNVDid:CNNVD-201905-644
db:NVDid:CVE-2019-1730

LAST UPDATE DATE

2024-08-14T13:55:27.312000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-149532date:2020-10-09T00:00:00
db:BIDid:108397date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004600date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-644date:2020-10-10T00:00:00
db:NVDid:CVE-2019-1730date:2020-10-09T17:12:52.817

SOURCES RELEASE DATE

db:VULHUBid:VHN-149532date:2019-05-15T00:00:00
db:BIDid:108397date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004600date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-644date:2019-05-15T00:00:00
db:NVDid:CVE-2019-1730date:2019-05-15T17:29:01.717