Details of VAR-201905-0534

ID

VAR-201905-0534

CVE

CVE-2019-1811

TITLE

Cisco NX-OS Vulnerabilities related to digital signature verification in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004592

DESCRIPTION

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Cisco NX-OS The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting these issues may allow an attacker to perform unauthorized actions. This may lead to other attacks. This issue is being tracked by Cisco Bug IDs CSCvj14093, CSCvj14106, CSCvj14182, CSCvk53125, CSCvk53227, CSCvk53256. Cisco NX-OS Software is a data center-level operating system software used by a set of switches of Cisco. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3600 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform

Trust: 1.98

sources: NVD: CVE-2019-1811 // JVNDB: JVNDB-2019-004592 // BID: 108425 // VULHUB: VHN-150423

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	gte	version:	6.0\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	9.2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	9.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)f3\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	9.2	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nexus r-series switching platform	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	36000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	9.2(2)	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	ne	version:	-	Trust: 0.3

sources: BID: 108425 // JVNDB: JVNDB-2019-004592 // NVD: CVE-2019-1811

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1811
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1811
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1811
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-686
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-150423
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1811
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150423
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1811
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1811
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-150423 // JVNDB: JVNDB-2019-004592 // CNNVD: CNNVD-201905-686 // NVD: CVE-2019-1811 // NVD: CVE-2019-1811

PROBLEMTYPE DATA

problemtype:

CWE-347

Trust: 1.9

sources: VULHUB: VHN-150423 // JVNDB: JVNDB-2019-004592 // NVD: CVE-2019-1811

THREAT TYPE

local

Trust: 0.9

sources: BID: 108425 // CNNVD: CNNVD-201905-686

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-686

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004592

PATCH

title:	cisco-sa-20190515-nxos-sisv2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2	Trust: 0.8
title:	Cisco NX-OS Software Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92810	Trust: 0.6

sources: JVNDB: JVNDB-2019-004592 // CNNVD: CNNVD-201905-686

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1811	Trust: 2.8
db:	BID	id:	108425	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004592	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-686	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1756.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1756.3	Trust: 0.6
db:	VULHUB	id:	VHN-150423	Trust: 0.1

sources: VULHUB: VHN-150423 // BID: 108425 // JVNDB: JVNDB-2019-004592 // CNNVD: CNNVD-201905-686 // NVD: CVE-2019-1811

REFERENCES

url:	http://www.securityfocus.com/bid/108425	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1811	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1811	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1756.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81106	Trust: 0.6

sources: VULHUB: VHN-150423 // BID: 108425 // JVNDB: JVNDB-2019-004592 // CNNVD: CNNVD-201905-686 // NVD: CVE-2019-1811

CREDITS

Cisco

Trust: 0.9

sources: BID: 108425 // CNNVD: CNNVD-201905-686

SOURCES

db:	VULHUB	id:	VHN-150423
db:	BID	id:	108425
db:	JVNDB	id:	JVNDB-2019-004592
db:	CNNVD	id:	CNNVD-201905-686
db:	NVD	id:	CVE-2019-1811

LAST UPDATE DATE

2024-08-14T13:55:26.989000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150423	date:	2019-05-23T00:00:00
db:	BID	id:	108425	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004592	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-686	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2019-1811	date:	2023-03-24T18:14:58.990

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150423	date:	2019-05-15T00:00:00
db:	BID	id:	108425	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004592	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-686	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1811	date:	2019-05-15T23:29:01.230