var-201905-0579
Vulnerability from variot
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device. This issue is being tracked by Cisco Bug ID CSCvn09779. The FUSE file system functionality in Cisco APIC versions prior to 4.1(1i) is vulnerable to permission and access control issues. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0579",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "application policy infrastructure controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(1i\\)"
},
{
"model": "application policy infrastructure controller",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller 3.2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller 2.3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2(1)"
},
{
"model": "application policy infrastructure controller 2.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller 2.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller 1.3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller 4.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "108129"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "NVD",
"id": "CVE-2019-1682"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1\\(1i\\)",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Octav Opaschi with Detack GmbH ?? ??,Octav Opaschi with Detack GmbH .,Octav Opaschi with Detack GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-1682",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-149004",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1682",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-1682",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1682",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-015",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149004",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker\u0027s privileges to root on an affected device. \nThis issue is being tracked by Cisco Bug ID CSCvn09779. The FUSE file system functionality in Cisco APIC versions prior to 4.1(1i) is vulnerable to permission and access control issues. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "BID",
"id": "108129"
},
{
"db": "VULHUB",
"id": "VHN-149004"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1682",
"trust": 2.8
},
{
"db": "BID",
"id": "108129",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "43204",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1518.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149004",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149004"
},
{
"db": "BID",
"id": "108129"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
]
},
"id": "VAR-201905-0579",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149004"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:17.650000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190501-apic-priv-escalation",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-apic-priv-escalation"
},
{
"title": "Cisco Application Policy Infrastructure Controller Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92166"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149004"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "NVD",
"id": "CVE-2019-1682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-apic-priv-escalation"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1682"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1682"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108129"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80110"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43204"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149004"
},
{
"db": "BID",
"id": "108129"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149004"
},
{
"db": "BID",
"id": "108129"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-149004"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108129"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"date": "2019-05-03T15:29:00.777000",
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"date": "2019-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-149004"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108129"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003893"
},
{
"date": "2020-10-07T18:11:31.143000",
"db": "NVD",
"id": "CVE-2019-1682"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "108129"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Application Policy Infrastructure Controller Vulnerability related to authorization, authority, and access control in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "108129"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-015"
}
],
"trust": 0.9
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.