Details of VAR-201905-0532

ID

VAR-201905-0532

CVE

CVE-2019-1809

TITLE

Cisco NX-OS Vulnerabilities related to digital signature verification in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004590

DESCRIPTION

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. Cisco NX-OS The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Cisco Products prone to an local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug IDs CSCvi42264 and CSCvj12239. Cisco NX-OS Software is a data center-level operating system software used by a set of switches of Cisco. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack. The following products and versions are affected: Cisco MDS 9700 Series Multilayer Directors; Nexus 7000 Series Switches; Nexus 7700 Series Switches; UCS 6200 Series Fabric Interconnects; UCS 6300 Series Fabric Interconnects

Trust: 1.98

sources: NVD: CVE-2019-1809 // JVNDB: JVNDB-2019-004590 // BID: 108375 // VULHUB: VHN-150401

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.3	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	3.1	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	8.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	3.2\(3k\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.3\(3\)d1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system 3.0 a	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ucs series fabric interconnects	scope:	eq	version:	63000	Trust: 0.3
vendor:	cisco	model:	ucs series fabric interconnects	scope:	eq	version:	62000	Trust: 0.3
vendor:	cisco	model:	nx-os software for ucs fabric interconnects	scope:	eq	version:	63003.2	Trust: 0.3
vendor:	cisco	model:	nx-os software for ucs fabric interconnects	scope:	eq	version:	63003.1	Trust: 0.3
vendor:	cisco	model:	nx-os software for ucs fabric interconnects	scope:	eq	version:	62003.2	Trust: 0.3
vendor:	cisco	model:	nx-os software for ucs fabric interconnects	scope:	eq	version:	62003.1	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	77008.2	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	77008.1	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	77008.0	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	77007.3	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	77007.2	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	70008.2	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	70008.1	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	70008.0	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	70007.3	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	eq	version:	70007.2	Trust: 0.3
vendor:	cisco	model:	nx-os software for mds series	scope:	eq	version:	97008.2	Trust: 0.3
vendor:	cisco	model:	nx-os software for mds series	scope:	eq	version:	97008.1	Trust: 0.3
vendor:	cisco	model:	nx-os software for mds series	scope:	eq	version:	97007.3	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70008.2(1)	Trust: 0.3
vendor:	cisco	model:	mds series multilayer directors	scope:	eq	version:	97000	Trust: 0.3
vendor:	cisco	model:	unified computing system 4.0	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unified computing system 3.2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os software for ucs fabric interconnects 3.2	scope:	ne	version:	6300	Trust: 0.3
vendor:	cisco	model:	nx-os software for ucs fabric interconnects 3.2	scope:	ne	version:	6200	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	ne	version:	77008.2(3)	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series 7.3 d1	scope:	ne	version:	7700	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series	scope:	ne	version:	70008.2(3)	Trust: 0.3
vendor:	cisco	model:	nx-os software for nexus series 7.3 d1	scope:	ne	version:	7000	Trust: 0.3
vendor:	cisco	model:	nx-os software for mds series	scope:	ne	version:	97008.3(1)	Trust: 0.3
vendor:	cisco	model:	nx-os software for mds series 8.1	scope:	ne	version:	9700	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	70008.3(1)	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	ne	version:	70008.2(3)	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.3 d1	scope:	ne	version:	7000	Trust: 0.3

sources: BID: 108375 // JVNDB: JVNDB-2019-004590 // NVD: CVE-2019-1809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1809
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1809
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1809
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-685
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-150401
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1809
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150401
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1809
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1809
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2019-1809
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-150401 // JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685 // NVD: CVE-2019-1809 // NVD: CVE-2019-1809

PROBLEMTYPE DATA

problemtype:

CWE-347

Trust: 1.9

sources: VULHUB: VHN-150401 // JVNDB: JVNDB-2019-004590 // NVD: CVE-2019-1809

THREAT TYPE

local

Trust: 0.9

sources: BID: 108375 // CNNVD: CNNVD-201905-685

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-685

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004590

PATCH

title:	cisco-sa-20190515-nxos-psvb	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb	Trust: 0.8
title:	Cisco NX-OS Software Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92809	Trust: 0.6

sources: JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1809	Trust: 2.8
db:	BID	id:	108375	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004590	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-685	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1756.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1756.3	Trust: 0.6
db:	VULHUB	id:	VHN-150401	Trust: 0.1

sources: VULHUB: VHN-150401 // BID: 108375 // JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685 // NVD: CVE-2019-1809

REFERENCES

url:	http://www.securityfocus.com/bid/108375	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1809	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1809	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1756.3/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nexus-multiple-vulnerabilities-via-signature-29341	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81106	Trust: 0.6

sources: VULHUB: VHN-150401 // BID: 108375 // JVNDB: JVNDB-2019-004590 // CNNVD: CNNVD-201905-685 // NVD: CVE-2019-1809

CREDITS

Cisco

Trust: 0.9

sources: BID: 108375 // CNNVD: CNNVD-201905-685

SOURCES

db:	VULHUB	id:	VHN-150401
db:	BID	id:	108375
db:	JVNDB	id:	JVNDB-2019-004590
db:	CNNVD	id:	CNNVD-201905-685
db:	NVD	id:	CVE-2019-1809

LAST UPDATE DATE

2024-08-14T13:55:27.280000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150401	date:	2019-05-20T00:00:00
db:	BID	id:	108375	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004590	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-685	date:	2019-05-21T00:00:00
db:	NVD	id:	CVE-2019-1809	date:	2023-03-24T17:46:28.160

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150401	date:	2019-05-15T00:00:00
db:	BID	id:	108375	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004590	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-685	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1809	date:	2019-05-15T23:29:01.073