ID

VAR-201905-0533


CVE

CVE-2019-1810


TITLE

Cisco Nexus 3000 and 9000 Series switch NX-OS CLI command Vulnerability in digital signature verification

Trust: 0.8

sources: JVNDB: JVNDB-2019-004591

DESCRIPTION

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image. Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches are products of Cisco. The Cisco Nexus 3000 Series Switches is a 3000 Series switch. The Cisco Nexus 9000 Series Switches is a 9000 Series switch. Attackers can use fake data to attack. Successfully exploiting this issue may allow an attacker to perform unauthorized actions. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCvj14078. The following products and versions are affected: Cisco N3K-C3164Q; N3K-C3232C; N9K-C92304QC; N9K-C9232C

Trust: 2.52

sources: NVD: CVE-2019-1810 // JVNDB: JVNDB-2019-004591 // CNVD: CNVD-2019-29417 // BID: 108431 // VULHUB: VHN-150412

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-29417

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:gteversion:6.1\(2\)i3\(4\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:9.2\(2\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:9.2\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i7\(5\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i7\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i4\(2\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i7\(2\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i4\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i7\(5a\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i3\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus c3164qscope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexus c3232cscope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexus c92304qcscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nexus c9232cscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nx-os 7.0 i7scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:30000

Trust: 0.3

sources: CNVD: CNVD-2019-29417 // BID: 108431 // JVNDB: JVNDB-2019-004591 // NVD: CVE-2019-1810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1810
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1810
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1810
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-29417
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-687
value: MEDIUM

Trust: 0.6

VULHUB: VHN-150412
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1810
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-29417
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-150412
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1810
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1810
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-29417 // VULHUB: VHN-150412 // JVNDB: JVNDB-2019-004591 // CNNVD: CNNVD-201905-687 // NVD: CVE-2019-1810 // NVD: CVE-2019-1810

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

sources: VULHUB: VHN-150412 // JVNDB: JVNDB-2019-004591 // NVD: CVE-2019-1810

THREAT TYPE

local

Trust: 0.9

sources: BID: 108431 // CNNVD: CNNVD-201905-687

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-687

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004591

PATCH

title:cisco-sa-20190515-nxos-sisvurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv

Trust: 0.8

title:Patch for Cisco Nexus 3000 Series and 9000 Series Switches Data Forgery Vulnerability Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/177959

Trust: 0.6

title:Cisco Nexus 3000 Series and 9000 Series Switches Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92811

Trust: 0.6

sources: CNVD: CNVD-2019-29417 // JVNDB: JVNDB-2019-004591 // CNNVD: CNNVD-201905-687

EXTERNAL IDS

db:NVDid:CVE-2019-1810

Trust: 3.4

db:BIDid:108431

Trust: 2.0

db:JVNDBid:JVNDB-2019-004591

Trust: 0.8

db:CNNVDid:CNNVD-201905-687

Trust: 0.7

db:CNVDid:CNVD-2019-29417

Trust: 0.6

db:AUSCERTid:ESB-2019.1755

Trust: 0.6

db:VULHUBid:VHN-150412

Trust: 0.1

sources: CNVD: CNVD-2019-29417 // VULHUB: VHN-150412 // BID: 108431 // JVNDB: JVNDB-2019-004591 // CNNVD: CNNVD-201905-687 // NVD: CVE-2019-1810

REFERENCES

url:http://www.securityfocus.com/bid/108431

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1810

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1810

Trust: 0.8

url:https://web.nvd.nist.gov//vuln/detail/cve-2019-1810

Trust: 0.6

url:https://www.auscert.org.au/bulletins/81102

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nexus-multiple-vulnerabilities-via-signature-29341

Trust: 0.6

sources: CNVD: CNVD-2019-29417 // VULHUB: VHN-150412 // BID: 108431 // JVNDB: JVNDB-2019-004591 // CNNVD: CNNVD-201905-687 // NVD: CVE-2019-1810

CREDITS

Cisco

Trust: 0.9

sources: BID: 108431 // CNNVD: CNNVD-201905-687

SOURCES

db:CNVDid:CNVD-2019-29417
db:VULHUBid:VHN-150412
db:BIDid:108431
db:JVNDBid:JVNDB-2019-004591
db:CNNVDid:CNNVD-201905-687
db:NVDid:CVE-2019-1810

LAST UPDATE DATE

2024-08-14T15:12:49.164000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-29417date:2019-08-30T00:00:00
db:VULHUBid:VHN-150412date:2019-05-23T00:00:00
db:BIDid:108431date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004591date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-687date:2019-05-27T00:00:00
db:NVDid:CVE-2019-1810date:2023-03-24T17:46:33.507

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-29417date:2019-08-14T00:00:00
db:VULHUBid:VHN-150412date:2019-05-15T00:00:00
db:BIDid:108431date:2019-05-15T00:00:00
db:JVNDBid:JVNDB-2019-004591date:2019-06-05T00:00:00
db:CNNVDid:CNNVD-201905-687date:2019-05-15T00:00:00
db:NVDid:CVE-2019-1810date:2019-05-15T23:29:01.153