Details of VAR-201905-1309

ID

VAR-201905-1309

CVE

CVE-2019-1732

TITLE

Cisco NX-OS In software OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004601

DESCRIPTION

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device. Cisco NX-OS The software includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is prone to a local command-injection vulnerability. This issue is being tracked by Cisco Bug IDs CSCvi01453 and CSCvj00550. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. The following products and versions are affected: Cisco Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform

Trust: 1.98

sources: NVD: CVE-2019-1732 // JVNDB: JVNDB-2019-004601 // BID: 108361 // VULHUB: VHN-149554

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	gte	version:	7.0\(3\)i4	Trust: 1.0
vendor:	cisco	model:	nx os	scope:	gte	version:	7.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx os	scope:	lt	version:	7.0\(3\)f3\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lt	version:	7.0\(3\)i7\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os 7.0 i7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0(3)	Trust: 0.3
vendor:	cisco	model:	nexus r-series switching platform	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	90000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	36000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 i4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 7.0 f3	scope:	ne	version:	-	Trust: 0.3

sources: BID: 108361 // JVNDB: JVNDB-2019-004601 // NVD: CVE-2019-1732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1732
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1732
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1732
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-646
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-149554
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1732
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-149554
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1732
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1732
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-149554 // JVNDB: JVNDB-2019-004601 // CNNVD: CNNVD-201905-646 // NVD: CVE-2019-1732 // NVD: CVE-2019-1732

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.9
problemtype:	CWE-667	Trust: 1.1

sources: VULHUB: VHN-149554 // JVNDB: JVNDB-2019-004601 // NVD: CVE-2019-1732

THREAT TYPE

local

Trust: 0.9

sources: BID: 108361 // CNNVD: CNNVD-201905-646

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-646

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004601

PATCH

title:	cisco-sa-20190515-nxos-rpm-injec	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec	Trust: 0.8
title:	Cisco NX-OS Software Remote Package Manager Subsystem operating system command injection vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92772	Trust: 0.6

sources: JVNDB: JVNDB-2019-004601 // CNNVD: CNNVD-201905-646

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1732	Trust: 2.8
db:	BID	id:	108361	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-004601	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-646	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1756.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1756.3	Trust: 0.6
db:	VULHUB	id:	VHN-149554	Trust: 0.1

sources: VULHUB: VHN-149554 // BID: 108361 // JVNDB: JVNDB-2019-004601 // CNNVD: CNNVD-201905-646 // NVD: CVE-2019-1732

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-rpm-injec	Trust: 2.6
url:	http://www.securityfocus.com/bid/108361	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1732	Trust: 1.4
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1732	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-ssh-info	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-pyth-escal	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-psvb	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-nxapi-xss	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-linecardinj-1769	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1791	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1790	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmd-inject-1784	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1783	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1778	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1776	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1770	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1735	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cli-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-overflow-inj	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-bash-bypass	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-file-write	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-sisv2	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-code-execution-via-rpm-29331	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1756.3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/81106	Trust: 0.6

sources: VULHUB: VHN-149554 // BID: 108361 // JVNDB: JVNDB-2019-004601 // CNNVD: CNNVD-201905-646 // NVD: CVE-2019-1732

CREDITS

Cisco.

Trust: 0.9

sources: BID: 108361 // CNNVD: CNNVD-201905-646

SOURCES

db:	VULHUB	id:	VHN-149554
db:	BID	id:	108361
db:	JVNDB	id:	JVNDB-2019-004601
db:	CNNVD	id:	CNNVD-201905-646
db:	NVD	id:	CVE-2019-1732

LAST UPDATE DATE

2024-08-14T13:55:27.216000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-149554	date:	2021-11-03T00:00:00
db:	BID	id:	108361	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004601	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-646	date:	2021-11-04T00:00:00
db:	NVD	id:	CVE-2019-1732	date:	2021-11-03T15:23:39.460

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-149554	date:	2019-05-15T00:00:00
db:	BID	id:	108361	date:	2019-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-004601	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-646	date:	2019-05-15T00:00:00
db:	NVD	id:	CVE-2019-1732	date:	2019-05-15T17:29:01.843