ID

VAR-201905-0608


CVE

CVE-2019-1587


TITLE

Cisco Nexus 9000 Series Fabric Switch resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003902

DESCRIPTION

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. Cisco Nexus 9000 Series Fabric Switch contains a resource management vulnerability. Information may be obtained. This issue is being tracked by Cisco Bug ID CSCvn09825. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.

Trust: 1.98

sources: NVD: CVE-2019-1587 // JVNDB: JVNDB-2019-003902 // BID: 108141 // VULHUB: VHN-147959

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 8.3\(0\)sk\(0.39\)

Trust: 1.0

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nx-os software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: nexus series switches 8.3 sk, scope: eq, version: 9000

Trust: 0.3

sources: BID: 108141 // JVNDB: JVNDB-2019-003902 // NVD: CVE-2019-1587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1587
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1587
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1587
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-030
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147959
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1587
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147959
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1587
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1587
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-147959 // JVNDB: JVNDB-2019-003902 // CNNVD: CNNVD-201905-030 // NVD: CVE-2019-1587 // NVD: CVE-2019-1587

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

problemtype: CWE-20

Trust: 1.1

sources: VULHUB: VHN-147959 // JVNDB: JVNDB-2019-003902 // NVD: CVE-2019-1587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-030

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108141 // CNNVD: CNNVD-201905-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003902

PATCH

title: cisco-sa-20190501-aci-filter-query, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-filter-query

Trust: 0.8

title: Cisco Nexus 9000 Series Fabric Switches Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92181

Trust: 0.6

sources: JVNDB: JVNDB-2019-003902 // CNNVD: CNNVD-201905-030

EXTERNAL IDS

db: NVD, id: CVE-2019-1587

Trust: 2.8

db: BID, id: 108141

Trust: 1.0

db: JVNDB, id: JVNDB-2019-003902

Trust: 0.8

db: CNNVD, id: CNNVD-201905-030

Trust: 0.7

db: AUSCERT, id: ESB-2019.1508.4

Trust: 0.6

db: VULHUB, id: VHN-147959

Trust: 0.1

sources: VULHUB: VHN-147959 // BID: 108141 // JVNDB: JVNDB-2019-003902 // CNNVD: CNNVD-201905-030 // NVD: CVE-2019-1587

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-aci-filter-query

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-1587

Trust: 1.4

url: http://www.cisco.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1587

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-nexus9k-rpe

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-information-disclosure-via-filter-query-29179

Trust: 0.6

url: https://www.auscert.org.au/bulletins/80070

Trust: 0.6

url: https://www.securityfocus.com/bid/108141

Trust: 0.6

sources: VULHUB: VHN-147959 // BID: 108141 // JVNDB: JVNDB-2019-003902 // CNNVD: CNNVD-201905-030 // NVD: CVE-2019-1587

CREDITS

Octav Opaschi of Detack GmbH.

Trust: 0.6

sources: CNNVD: CNNVD-201905-030

SOURCES

db: VULHUB, id: VHN-147959
db: BID, id: 108141
db: JVNDB, id: JVNDB-2019-003902
db: CNNVD, id: CNNVD-201905-030
db: NVD, id: CVE-2019-1587

LAST UPDATE DATE

2024-08-14T13:01:08.712000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147959, date: 2020-10-13T00:00:00
db: BID, id: 108141, date: 2019-05-01T00:00:00
db: JVNDB, id: JVNDB-2019-003902, date: 2019-05-23T00:00:00
db: CNNVD, id: CNNVD-201905-030, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-1587, date: 2020-10-13T20:04:42.083

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147959, date: 2019-05-03T00:00:00
db: BID, id: 108141, date: 2019-05-01T00:00:00
db: JVNDB, id: JVNDB-2019-003902, date: 2019-05-23T00:00:00
db: CNNVD, id: CNNVD-201905-030, date: 2019-05-01T00:00:00
db: NVD, id: CVE-2019-1587, date: 2019-05-03T15:29:00.430