Sign-up

ID

VAR-201905-0608


CVE

CVE-2019-1587


TITLE

Cisco Nexus 9000 Series Fabric Switch Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003902

DESCRIPTION

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. Cisco Nexus 9000 Series Fabric Switch Contains a resource management vulnerability.Information may be obtained. This issue is being tracked by Cisco Bug ID CSCvn09825. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.98

sources: NVD: CVE-2019-1587 // JVNDB: JVNDB-2019-003902 // BID: 108141 // VULHUB: VHN-147959

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:8.3\(0\)sk\(0.39\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-os softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexus series switches 8.3 skscope:eqversion:9000

Trust: 0.3

sources: BID: 108141 // JVNDB: JVNDB-2019-003902 // NVD: CVE-2019-1587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1587
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1587
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1587
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-030
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147959
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1587
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147959
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1587
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1587
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-147959 // JVNDB: JVNDB-2019-003902 // CNNVD: CNNVD-201905-030 // NVD: CVE-2019-1587 // NVD: CVE-2019-1587

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-147959 // JVNDB: JVNDB-2019-003902 // NVD: CVE-2019-1587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-030

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 108141 // CNNVD: CNNVD-201905-030

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003902

PATCH
title:cisco-sa-20190501-aci-filter-queryurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-filter-query
Trust: 0.8
title:Cisco Nexus 9000 Series Fabric Switches Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92181
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003902 // 
            
            
            
            CNNVD: CNNVD-201905-030

EXTERNAL IDS
db:NVDid:CVE-2019-1587
Trust: 2.8
db:BIDid:108141
Trust: 1.0
db:JVNDBid:JVNDB-2019-003902
Trust: 0.8
db:CNNVDid:CNNVD-201905-030
Trust: 0.7
db:AUSCERTid:ESB-2019.1508.4
Trust: 0.6
db:VULHUBid:VHN-147959
Trust: 0.1
sources:
            
            
            VULHUB: VHN-147959 // 
            
            
            
            BID: 108141 // 
            
            
            
            JVNDB: JVNDB-2019-003902 // 
            
            
            
            CNNVD: CNNVD-201905-030 // 
            
            
            
            NVD: CVE-2019-1587

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-aci-filter-query
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-1587
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1587
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-nexus9k-rpe
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-information-disclosure-via-filter-query-29179
Trust: 0.6
url:https://www.auscert.org.au/bulletins/80070
Trust: 0.6
url:https://www.securityfocus.com/bid/108141
Trust: 0.6
sources:
            
            
            VULHUB: VHN-147959 // 
            
            
            
            BID: 108141 // 
            
            
            
            JVNDB: JVNDB-2019-003902 // 
            
            
            
            CNNVD: CNNVD-201905-030 // 
            
            
            
            NVD: CVE-2019-1587

CREDITS
Octav Opaschi of Detack GmbH .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-030

SOURCES
db:VULHUBid:VHN-147959
db:BIDid:108141
db:JVNDBid:JVNDB-2019-003902
db:CNNVDid:CNNVD-201905-030
db:NVDid:CVE-2019-1587

LAST UPDATE DATE
2024-08-14T13:01:08.712000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-147959date:2020-10-13T00:00:00
db:BIDid:108141date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003902date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-030date:2020-10-28T00:00:00
db:NVDid:CVE-2019-1587date:2020-10-13T20:04:42.083

SOURCES RELEASE DATE
db:VULHUBid:VHN-147959date:2019-05-03T00:00:00
db:BIDid:108141date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003902date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-030date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1587date:2019-05-03T15:29:00.430