var-201905-0242
Vulnerability from variot
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device. Cisco FXOS Software and Cisco NX-OS The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco FXOS and NX-OS Software are prone to an local command-injection vulnerability. This issue is being tracked by Cisco Bug IDs CSCvh20223, CSCvi96577, CSCvi96578, CSCvi96579, CSCvi96580, CSCvi96583 and CSCvi96584. Cisco Firepower 4100 Series, etc. are all products of Cisco (Cisco). Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco Nexus 3500 Platform Switches is a 3500 series platform switch. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack. The following products and versions are affected: Cisco Firepower 4100 Series ; Firepower 9300 Security Appliances ; MDS 9000 Series Multilayer Switches ; Nexus 3000 Series Switches ; Nexus 3500 Platform Switches ; Nexus 3600 Platform Switches ; Nexus 5500 Platform Switches ; Nexus 5600 Platform Switches ; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform; UCS 6200 Series Fabric Interconnects; UCS 6300 Series Fabric
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0242", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2\\)a8" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2\\)a8\\(11\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "8.1" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "6.2" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.4.1.101" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.3\\(4\\)n1\\(1\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "8.2" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.3" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "8.0" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.2" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.3\\(3\\)d1\\(1\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "4.0" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.2\\(22\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.0\\(1a\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "2.4" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)i7" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "8.1\\(1b\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)i7\\(3\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "8.3\\(1\\)" }, { "model": "nx-os", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "ucs series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "63000" }, { "model": "ucs series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "62000" }, { "model": "nx-os software for ucs series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "63004.0" }, { "model": "nx-os software for ucs series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "62004.0" }, { "model": "nx-os software for nexus r-series switching platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "95007.0(3)" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90009.2(1)" }, { "model": "nx-os software for nexus series switches 7.0 i7", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77008.3" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77008.2" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77008.1" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77008.0" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77007.3" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77007.2" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77006.2" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70008.3" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70008.2" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70008.1" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70008.0" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70007.3" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70007.2" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70006.2" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60007.3" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56007.3" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55007.3" }, { "model": "nx-os software for nexus platform switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "36007.0(3)" }, { "model": "nx-os software for nexus platform switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35007.0(3)" }, { "model": "nx-os software for nexus platform switches 6.0 a8", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3500" }, { "model": "nx-os software for nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30009.2(1)" }, { "model": "nx-os software for nexus series switches 7.0 i7", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "nx-os software for mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90008.3" }, { "model": "nx-os software for mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90008.2" }, { "model": "nx-os software for mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90008.1" }, { "model": "nexus r-series switching platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "95000" }, { "model": "nexus series switches in standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "77000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "nexus platform switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "nexus platform switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55000" }, { "model": "nexus platform switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "36000" }, { "model": "nexus platform switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "fxos software for firepower series appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "93002.4" }, { "model": "fxos software for firepower series appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "41002.4" }, { "model": "firepower security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "93000" }, { "model": "firepower series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "41000" }, { "model": "nx-os software for ucs series fabric interconnects 4.0", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6300" }, { "model": "nx-os software for ucs series fabric interconnects 4.0", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6200" }, { "model": "nx-os software for nexus r-series switching platform 7.0 f3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9500" }, { "model": "nx-os software for nexus series switches 7.0 i7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "nx-os software for nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "77008.3(1)" }, { "model": "nx-os software for nexus series switches 7.3 d1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "nx-os software for nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "77006.2(22)" }, { "model": "nx-os software for nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70008.3(1)" }, { "model": "nx-os software for nexus series switches 7.3 d1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "nx-os software for nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2(22)" }, { "model": "nx-os software for nexus series switches 7.3 n1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "nx-os software for nexus series switches 7.3 n1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5600" }, { "model": "nx-os software for nexus series switches 7.3 n1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5500" }, { "model": "nx-os software for nexus platform switches 7.0 f3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3600" }, { "model": "nx-os software for nexus platform switches 7.0 i7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3500" }, { "model": "nx-os software for nexus platform switches 6.0 a8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3500" }, { "model": "nx-os software for nexus series switches 7.0 i7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "nx-os software for mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90008.3(1)" }, { "model": "nx-os software for mds series multilayer switches 8.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "fxos software for firepower series appliances", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "93002.4.1.101" }, { "model": "fxos software for firepower series appliances", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "41002.4.1.101" } ], "sources": [ { "db": "BID", "id": "108391" }, { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "NVD", "id": "CVE-2019-1728" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3\\(1\\)", "versionStartIncluding": "8.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1\\(1b\\)", "versionStartIncluding": "8.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:mds_9500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:mds_9700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:mds_9200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0\\(3\\)i7\\(3\\)", "versionStartIncluding": "7.0\\(3\\)i7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0\\(2\\)a8\\(11\\)", "versionStartIncluding": "6.0\\(2\\)a8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0\\(3\\)i7\\(3\\)", "versionStartIncluding": "7.0\\(3\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.3\\(4\\)n1\\(1\\)", "versionStartIncluding": "7.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3\\(1\\)", "versionStartIncluding": "8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2\\(22\\)", "versionStartIncluding": "6.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.3\\(3\\)d1\\(1\\)", "versionStartIncluding": "7.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0\\(1a\\)", "versionStartIncluding": "4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:usc_6324:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:ucs_6248up:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:ucs_6296up:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:ucs_6332:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:usc_6332-16up:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.1.101", "versionStartIncluding": "2.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-1728" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco.", "sources": [ { "db": "BID", "id": "108391" }, { "db": "CNNVD", "id": "CNNVD-201905-642" } ], "trust": 0.9 }, "cve": "CVE-2019-1728", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2019-1728", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-149510", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-1728", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-1728", "trust": 1.8, "value": "MEDIUM" }, { "author": "ykramarz@cisco.com", "id": "CVE-2019-1728", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201905-642", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-149510", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-149510" }, { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "NVD", "id": "CVE-2019-1728" }, { "db": "NVD", "id": "CVE-2019-1728" }, { "db": "CNNVD", "id": "CNNVD-201905-642" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device. Cisco FXOS Software and Cisco NX-OS The software contains a vulnerability related to digital signature verification.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco FXOS and NX-OS Software are prone to an local command-injection vulnerability. \nThis issue is being tracked by Cisco Bug IDs CSCvh20223, CSCvi96577, CSCvi96578, CSCvi96579, CSCvi96580, CSCvi96583 and CSCvi96584. Cisco Firepower 4100 Series, etc. are all products of Cisco (Cisco). Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco Nexus 3500 Platform Switches is a 3500 series platform switch. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack. The following products and versions are affected: Cisco Firepower 4100 Series ; Firepower 9300 Security Appliances ; MDS 9000 Series Multilayer Switches ; Nexus 3000 Series Switches ; Nexus 3500 Platform Switches ; Nexus 3600 Platform Switches ; Nexus 5500 Platform Switches ; Nexus 5600 Platform Switches ; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform; UCS 6200 Series Fabric Interconnects; UCS 6300 Series Fabric", "sources": [ { "db": "NVD", "id": "CVE-2019-1728" }, { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "BID", "id": "108391" }, { "db": "VULHUB", "id": "VHN-149510" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1728", "trust": 2.8 }, { "db": "BID", "id": "108391", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2019-004598", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201905-642", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1759.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1759.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1759.5", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-149510", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-149510" }, { "db": "BID", "id": "108391" }, { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "NVD", "id": "CVE-2019-1728" }, { "db": "CNNVD", "id": "CNNVD-201905-642" } ] }, "id": "VAR-201905-0242", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-149510" } ], "trust": 0.63604554375 }, "last_update_date": "2023-12-18T12:18:03.024000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20190515-nxos-conf-bypass", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-conf-bypass" }, { "title": "Cisco NX-OS Software and Cisco FXOS Software Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92768" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "CNNVD", "id": "CNNVD-201905-642" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-347", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-149510" }, { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "NVD", "id": "CVE-2019-1728" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/108391" }, { "trust": 2.0, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-conf-bypass" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1728" }, { "trust": 0.9, "url": "http://www.cisco.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1728" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-snmp-dos" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-info" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-cmdinj-1795" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1759.5/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1759.4/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1759.3/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/81118" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cisco-nx-os-code-execution-at-boot-time-29327" } ], "sources": [ { "db": "VULHUB", "id": "VHN-149510" }, { "db": "BID", "id": "108391" }, { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "NVD", "id": "CVE-2019-1728" }, { "db": "CNNVD", "id": "CNNVD-201905-642" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-149510" }, { "db": "BID", "id": "108391" }, { "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "db": "NVD", "id": "CVE-2019-1728" }, { "db": "CNNVD", "id": "CNNVD-201905-642" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-15T00:00:00", "db": "VULHUB", "id": "VHN-149510" }, { "date": "2019-05-15T00:00:00", "db": "BID", "id": "108391" }, { "date": "2019-06-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "date": "2019-05-15T17:29:01.593000", "db": "NVD", "id": "CVE-2019-1728" }, { "date": "2019-05-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-642" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-21T00:00:00", "db": "VULHUB", "id": "VHN-149510" }, { "date": "2019-05-15T00:00:00", "db": "BID", "id": "108391" }, { "date": "2019-06-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004598" }, { "date": "2019-05-21T13:29:00.490000", "db": "NVD", "id": "CVE-2019-1728" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-642" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "108391" }, { "db": "CNNVD", "id": "CNNVD-201905-642" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco FXOS Software and Cisco NX-OS Vulnerabilities related to digital signature verification in software", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004598" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-642" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.