ID

VAR-201905-0609


CVE

CVE-2019-1589


TITLE

Cisco Nexus 9000 Series Fabric Switches Information disclosure vulnerability in Japanese software

Trust: 0.8

sources: JVNDB: JVNDB-2019-004459

DESCRIPTION

A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device. Cisco Nexus 9000 Series Fabric Switches Software contains an information disclosure vulnerability.Information may be obtained. This issue is being tracked by Cisco Bug ID CSCvn09807. This vulnerability stems from configuration errors in network systems or products during operation

Trust: 1.98

sources: NVD: CVE-2019-1589 // JVNDB: JVNDB-2019-004459 // BID: 108175 // VULHUB: VHN-147981

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:8.3\(0\)sk\(0.39\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-os softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexus series switches 8.3 skscope:eqversion:9000

Trust: 0.3

sources: BID: 108175 // JVNDB: JVNDB-2019-004459 // NVD: CVE-2019-1589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1589
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1589
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1589
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-046
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147981
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1589
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-147981
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1589
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1589
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2019-1589
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147981 // JVNDB: JVNDB-2019-004459 // CNNVD: CNNVD-201905-046 // NVD: CVE-2019-1589 // NVD: CVE-2019-1589

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-311

Trust: 1.1

sources: VULHUB: VHN-147981 // JVNDB: JVNDB-2019-004459 // NVD: CVE-2019-1589

THREAT TYPE

local

Trust: 0.9

sources: BID: 108175 // CNNVD: CNNVD-201905-046

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201905-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004459

PATCH

title:cisco-sa-20190501-aci-unmeasured-booturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-unmeasured-boot

Trust: 0.8

sources: JVNDB: JVNDB-2019-004459

EXTERNAL IDS

db:NVDid:CVE-2019-1589

Trust: 2.8

db:BIDid:108175

Trust: 2.0

db:JVNDBid:JVNDB-2019-004459

Trust: 0.8

db:CNNVDid:CNNVD-201905-046

Trust: 0.7

db:VULHUBid:VHN-147981

Trust: 0.1

sources: VULHUB: VHN-147981 // BID: 108175 // JVNDB: JVNDB-2019-004459 // CNNVD: CNNVD-201905-046 // NVD: CVE-2019-1589

REFERENCES

url:http://www.securityfocus.com/bid/108175

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-aci-unmeasured-boot

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1589

Trust: 1.4

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1589

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-information-disclosure-via-unmeasured-boot-29183

Trust: 0.6

sources: VULHUB: VHN-147981 // BID: 108175 // JVNDB: JVNDB-2019-004459 // CNNVD: CNNVD-201905-046 // NVD: CVE-2019-1589

CREDITS

Costin Enache of Detack GmbH.,Costin Enache of Detack GmbH .

Trust: 0.6

sources: CNNVD: CNNVD-201905-046

SOURCES

db:VULHUBid:VHN-147981
db:BIDid:108175
db:JVNDBid:JVNDB-2019-004459
db:CNNVDid:CNNVD-201905-046
db:NVDid:CVE-2019-1589

LAST UPDATE DATE

2024-11-23T22:37:52.454000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-147981date:2020-10-13T00:00:00
db:BIDid:108175date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004459date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201905-046date:2020-10-14T00:00:00
db:NVDid:CVE-2019-1589date:2024-11-21T04:36:52.180

SOURCES RELEASE DATE

db:VULHUBid:VHN-147981date:2019-05-03T00:00:00
db:BIDid:108175date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-004459date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201905-046date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1589date:2019-05-03T15:29:00.510