ID

VAR-201905-0532


CVE

CVE-2019-1809


TITLE

Cisco NX-OS Vulnerabilities related to digital signature verification in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004590

DESCRIPTION

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. Cisco NX-OS The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Cisco Products prone to an local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug IDs CSCvi42264 and CSCvj12239. Cisco NX-OS Software is a data center-level operating system software used by a set of switches of Cisco. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack. The following products and versions are affected: Cisco MDS 9700 Series Multilayer Directors; Nexus 7000 Series Switches; Nexus 7700 Series Switches; UCS 6200 Series Fabric Interconnects; UCS 6300 Series Fabric Interconnects

Trust: 1.98

sources: NVD: CVE-2019-1809 // JVNDB: JVNDB-2019-004590 // BID: 108375 // VULHUB: VHN-150401

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:gteversion:8.0

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.1\(1a\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.2\(3\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.3

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.3\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:3.1

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:8.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:3.2\(3k\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.3\(3\)d1\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system 3.0 ascope: - version: -

Trust: 0.3

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:63000

Trust: 0.3

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:62000

Trust: 0.3

vendor:ciscomodel:nx-os software for ucs fabric interconnectsscope:eqversion:63003.2

Trust: 0.3

vendor:ciscomodel:nx-os software for ucs fabric interconnectsscope:eqversion:63003.1

Trust: 0.3

vendor:ciscomodel:nx-os software for ucs fabric interconnectsscope:eqversion:62003.2

Trust: 0.3

vendor:ciscomodel:nx-os software for ucs fabric interconnectsscope:eqversion:62003.1

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:77008.2

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:77008.1

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:77008.0

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:77007.3

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:77007.2

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:70008.2

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:70008.1

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:70008.0

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:70007.3

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:eqversion:70007.2

Trust: 0.3

vendor:ciscomodel:nx-os software for mds seriesscope:eqversion:97008.2

Trust: 0.3

vendor:ciscomodel:nx-os software for mds seriesscope:eqversion:97008.1

Trust: 0.3

vendor:ciscomodel:nx-os software for mds seriesscope:eqversion:97007.3

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:77000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:70008.2(1)

Trust: 0.3

vendor:ciscomodel:mds series multilayer directorsscope:eqversion:97000

Trust: 0.3

vendor:ciscomodel:unified computing system 4.0scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified computing system 3.2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os software for ucs fabric interconnects 3.2scope:neversion:6300

Trust: 0.3

vendor:ciscomodel:nx-os software for ucs fabric interconnects 3.2scope:neversion:6200

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:neversion:77008.2(3)

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series 7.3 d1scope:neversion:7700

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus seriesscope:neversion:70008.2(3)

Trust: 0.3

vendor:ciscomodel:nx-os software for nexus series 7.3 d1scope:neversion:7000

Trust: 0.3

vendor:ciscomodel:nx-os software for mds seriesscope:neversion:97008.3(1)

Trust: 0.3

vendor:ciscomodel:nx-os software for mds series 8.1scope:neversion:9700

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:neversion:70008.3(1)

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:neversion:70008.2(3)

Trust: 0.3

vendor:ciscomodel:nexus series switches 7.3 d1scope:neversion:7000

Trust: 0.3

sources: BID: 108375 // JVNDB: JVNDB-2019-004590 // NVD: CVE-2019-1809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1809
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1809
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1809
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-685
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150401
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1809
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150401
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1809
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1809
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-1809
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150401 // JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685 // NVD: CVE-2019-1809 // NVD: CVE-2019-1809

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

sources: VULHUB: VHN-150401 // JVNDB: JVNDB-2019-004590 // NVD: CVE-2019-1809

THREAT TYPE

local

Trust: 0.9

sources: BID: 108375 // CNNVD: CNNVD-201905-685

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-685

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004590

PATCH

title:cisco-sa-20190515-nxos-psvburl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb

Trust: 0.8

title:Cisco NX-OS Software Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92809

Trust: 0.6

sources: JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685

EXTERNAL IDS

db:NVDid:CVE-2019-1809

Trust: 2.8

db:BIDid:108375

Trust: 2.0

db:JVNDBid:JVNDB-2019-004590

Trust: 0.8

db:CNNVDid:CNNVD-201905-685

Trust: 0.7

db:AUSCERTid:ESB-2019.1756.4

Trust: 0.6

db:AUSCERTid:ESB-2019.1756.3

Trust: 0.6

db:VULHUBid:VHN-150401

Trust: 0.1

sources: VULHUB: VHN-150401 // BID: 108375 // JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685 // NVD: CVE-2019-1809

REFERENCES

url:http://www.securityfocus.com/bid/108375

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1809

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1809

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.1756.3/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nexus-multiple-vulnerabilities-via-signature-29341

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81106

Trust: 0.6

sources: VULHUB: VHN-150401 // BID: 108375 // JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685 // NVD: CVE-2019-1809

CREDITS

Cisco

Trust: 0.9

sources: BID: 108375 // CNNVD: CNNVD-201905-685

SOURCES

db:VULHUBid:VHN-150401
db:BIDid:108375
db:JVNDBid:JVNDB-2019-004590
db:CNNVDid:CNNVD-201905-685
db:NVDid:CVE-2019-1809

LAST UPDATE DATE

2024-08-14T13:55:27.280000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-150401date:2019-05-20T00:00:00
db:BIDid:108375date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004590date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-685date:2019-05-21T00:00:00
db:NVDid:CVE-2019-1809date:2023-03-24T17:46:28.160

SOURCES RELEASE DATE

db:VULHUBid:VHN-150401date:2019-05-15T00:00:00
db:BIDid:108375date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004590date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-685date:2019-05-15T00:00:00
db:NVDid:CVE-2019-1809date:2019-05-15T23:29:01.073