Details of VAR-201909-0176

ID

VAR-201909-0176

CVE

CVE-2019-12662

TITLE

Cisco NX-OS and IOS XE Vulnerabilities related to digital signature verification in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-010195

DESCRIPTION

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. Cisco NX-OS Software and IOS XE are both products of Cisco Corporation. Cisco NX-OS Software is a suite of data center-level operating system software for switches. IOS XE is a set of operating systems developed for its network equipment. A data forgery vulnerability exists in Cisco NX-OS and Cisco IOS XE. Signed OVA image

Trust: 2.34

sources: NVD: CVE-2019-12662 // JVNDB: JVNDB-2019-010195 // CNVD: CNVD-2019-42596 // VULHUB: VHN-144431 // VULMON: CVE-2019-12662

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-42596

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.6
vendor:	cisco	model:	nexus 3548-x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3064	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3132c-z	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7700 2-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 6004	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3524-xl	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3172tq-32t	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(1\)s5	Trust: 1.0
vendor:	cisco	model:	nexus 3548	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7700 18-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0.2\)s0	Trust: 1.0
vendor:	cisco	model:	nexus 3524	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5696q	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3524-x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 31108pc-v	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 31108tc-v	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3172tq	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3232c	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 18-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5548p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0\)bd\(0.20\)	Trust: 1.0
vendor:	cisco	model:	nexus 3172	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3548-xl	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 31128pq	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7700 10-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(1\)	Trust: 1.0
vendor:	cisco	model:	nexus 7700 6-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 9-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3264q	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 56128p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5596up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3264c-e	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3172tq-xl	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5672up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 34180yc	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3016	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5548up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5596t	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3064-t	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3432d-s	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 4-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5648q	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 34200yc-sm	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3132q-xl	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3408-s	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3172pq-xl	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3464c	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3164q	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3132q-v	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3048	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5624q	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 6001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 3132q	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 3016	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 3048	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 3064	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 3064-t	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 31108pc-v	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 31108tc-v	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 31128pq	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 3132c-z	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus series switche	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	6000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	7700	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	5600	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	5500	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	3500	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.6
vendor:	cisco	model:	nexus r-series switching platform	scope:	eq	version:	9500	Trust: 0.6
vendor:	cisco	model:	nexus series switches in standalone nx-os mode	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	nexus 9000v	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	nexus 92300yc	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	nexus 92304qc	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	mds 9000	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.11	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.10.2s0	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.11s5	Trust: 0.6
vendor:	cisco	model:	nexus 92160yc-x	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.10bd0.20	Trust: 0.6

sources: CNVD: CNVD-2019-42596 // JVNDB: JVNDB-2019-010195 // CNNVD: CNNVD-201909-1145 // NVD: CVE-2019-12662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12662
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-12662
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-12662
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-42596
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201909-1145
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-144431
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-12662
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12662
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-42596
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-144431
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-12662
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-12662
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-42596 // VULHUB: VHN-144431 // VULMON: CVE-2019-12662 // JVNDB: JVNDB-2019-010195 // CNNVD: CNNVD-201909-1145 // NVD: CVE-2019-12662 // NVD: CVE-2019-12662

PROBLEMTYPE DATA

problemtype:

CWE-347

Trust: 1.9

sources: VULHUB: VHN-144431 // JVNDB: JVNDB-2019-010195 // NVD: CVE-2019-12662

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-1145

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201909-1145

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010195

PATCH

title:	cisco-sa-20190925-vman	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman	Trust: 0.8
title:	Patch for Cisco NX-OS and Cisco IOS XE Data Forgery Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/192287	Trust: 0.6
title:	Cisco NX-OS and Cisco IOS XE Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98563	Trust: 0.6
title:	Cisco: Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190925-vman	Trust: 0.1

sources: CNVD: CNVD-2019-42596 // VULMON: CVE-2019-12662 // JVNDB: JVNDB-2019-010195 // CNNVD: CNNVD-201909-1145

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12662	Trust: 3.2
db:	JVNDB	id:	JVNDB-2019-010195	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-1145	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42596	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3619	Trust: 0.6
db:	VULHUB	id:	VHN-144431	Trust: 0.1
db:	VULMON	id:	CVE-2019-12662	Trust: 0.1

sources: CNVD: CNVD-2019-42596 // VULHUB: VHN-144431 // VULMON: CVE-2019-12662 // JVNDB: JVNDB-2019-010195 // CNNVD: CNNVD-201909-1145 // NVD: CVE-2019-12662

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-12662	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190925-vman	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12662	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3619/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nx-os-ios-xe-privilege-escalation-via-virtual-service-image-signature-bypass-30445	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/347.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-42596 // VULHUB: VHN-144431 // VULMON: CVE-2019-12662 // JVNDB: JVNDB-2019-010195 // CNNVD: CNNVD-201909-1145 // NVD: CVE-2019-12662

SOURCES

db:	CNVD	id:	CNVD-2019-42596
db:	VULHUB	id:	VHN-144431
db:	VULMON	id:	CVE-2019-12662
db:	JVNDB	id:	JVNDB-2019-010195
db:	CNNVD	id:	CNNVD-201909-1145
db:	NVD	id:	CVE-2019-12662

LAST UPDATE DATE

2024-11-23T23:01:41.944000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42596	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-144431	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-12662	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-010195	date:	2019-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201909-1145	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-12662	date:	2024-11-21T04:23:18.110

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42596	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-144431	date:	2019-09-25T00:00:00
db:	VULMON	id:	CVE-2019-12662	date:	2019-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-010195	date:	2019-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201909-1145	date:	2019-09-25T00:00:00
db:	NVD	id:	CVE-2019-12662	date:	2019-09-25T21:15:11.203