Details of VAR-201905-0535

ID

VAR-201905-0535

CVE

CVE-2019-1812

TITLE

Cisco NX-OS Vulnerabilities related to digital signature verification in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004593

DESCRIPTION

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Cisco NX-OS The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting these issues may allow an attacker to perform unauthorized actions. This may lead to other attacks. This issue is being tracked by Cisco Bug IDs CSCvj14093, CSCvj14106, CSCvj14182, CSCvk53125, CSCvk53227, CSCvk53256

Trust: 1.98

sources: NVD: CVE-2019-1812 // JVNDB: JVNDB-2019-004593 // BID: 108425 // VULHUB: VHN-150434

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	gte	version:	6.0\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	9.2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	gte	version:	9.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)f3\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	9.2	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nexus r-series switching platform	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	36000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	9.2(2)	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	ne	version:	-	Trust: 0.3

sources: BID: 108425 // JVNDB: JVNDB-2019-004593 // NVD: CVE-2019-1812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1812
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1812
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1812
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-689
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-150434
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1812
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-150434
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1812
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1812
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-150434 // JVNDB: JVNDB-2019-004593 // CNNVD: CNNVD-201905-689 // NVD: CVE-2019-1812 // NVD: CVE-2019-1812

PROBLEMTYPE DATA

problemtype:

CWE-347

Trust: 1.9

sources: VULHUB: VHN-150434 // JVNDB: JVNDB-2019-004593 // NVD: CVE-2019-1812

THREAT TYPE

local

Trust: 0.9

sources: BID: 108425 // CNNVD: CNNVD-201905-689

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201905-689

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004593

PATCH

title:	cisco-sa-20190515-nxos-sisv2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2	Trust: 0.8
title:	Cisco NX-OS Software Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92813	Trust: 0.6

sources: JVNDB: JVNDB-2019-004593 // CNNVD: CNNVD-201905-689

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1812	Trust: 2.8
db:	BID	id:	108425	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004593	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.1756.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1756.3	Trust: 0.6
db:	CNNVD	id:	CNNVD-201905-689	Trust: 0.6
db:	VULHUB	id:	VHN-150434	Trust: 0.1

sources: VULHUB: VHN-150434 // BID: 108425 // JVNDB: JVNDB-2019-004593 // CNNVD: CNNVD-201905-689 // NVD: CVE-2019-1812

REFERENCES

url:	http://www.securityfocus.com/bid/108425	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1812	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1812	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1756.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81106	Trust: 0.6

sources: VULHUB: VHN-150434 // BID: 108425 // JVNDB: JVNDB-2019-004593 // CNNVD: CNNVD-201905-689 // NVD: CVE-2019-1812

CREDITS

Cisco

Trust: 0.9

sources: BID: 108425 // CNNVD: CNNVD-201905-689

SOURCES

db:	VULHUB	id:	VHN-150434
db:	BID	id:	108425
db:	JVNDB	id:	JVNDB-2019-004593
db:	CNNVD	id:	CNNVD-201905-689
db:	NVD	id:	CVE-2019-1812

LAST UPDATE DATE

2024-08-14T13:55:27.119000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-150434	date:	2019-05-23T00:00:00
db:	BID	id:	108425	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004593	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-689	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2019-1812	date:	2023-03-24T18:15:20.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-150434	date:	2019-05-15T00:00:00
db:	BID	id:	108425	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004593	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-689	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1812	date:	2019-05-15T23:29:01.277