CVE-2019-1603 : A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated,

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow an attacker to make configuration changes to the system as administrator. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Published 2019-03-08 19:29:00

Updated 2020-10-08 19:57:00

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2019-1603

Cisco » Nx-os
Versions before (<) 7.0\(3\)i7\(4\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 3000 » Version: N/A
When used together with: Cisco » Nexus 3500 » Version: N/A
When used together with: Cisco » Nexus 9000 » Version: N/A
Cisco » Nx-os
Versions before (<) 7.0\(3\)f3\(5\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 3600 » Version: N/A
When used together with: Cisco » Nexus 9500 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-1603

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 41 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-1603

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-1603

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: ykramarz@cisco.com (Secondary)
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-1603

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc

Cisco NX-OS Software Privilege Escalation Vulnerability
Patch;Vendor Advisory
http://www.securityfocus.com/bid/107328

Cisco NX-OS Software CVE-2019-1603 Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2019-1603

Products affected by CVE-2019-1603

Exploit prediction scoring system (EPSS) score for CVE-2019-1603

CVSS scores for CVE-2019-1603

CWE ids for CVE-2019-1603

References for CVE-2019-1603