CVE-2019-1727 : A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

Published 2019-05-15 17:29:02

Updated 2020-10-16 13:09:59

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2019-1727

Cisco » Nx-os
Versions from including (>=) 8.0 and before (<) 8.3\(1\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 7000 » Version: N/A
When used together with: Cisco » Nexus 7700 » Version: N/A
Cisco » Nx-os
Versions from including (>=) 6.2 and before (<) 7.3\(3\)d1\(1\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 7000 » Version: N/A
When used together with: Cisco » Nexus 7700 » Version: N/A
Cisco » Nx-os
Versions from including (>=) 7.3 and before (<) 7.3\(4\)n1\(1\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 5500 » Version: N/A
When used together with: Cisco » Nexus 5600 » Version: N/A
When used together with: Cisco » Nexus 6000 » Version: N/A
Cisco » Nx-os
Versions from including (>=) 7.0\(3\)i5 and before (<) 7.0\(3\)i7\(3\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 3000 » Version: N/A
When used together with: Cisco » Nexus 3100 » Version: N/A
When used together with: Cisco » Nexus 3100-z » Version: N/A
When used together with: Cisco » Nexus 3100v » Version: N/A
When used together with: Cisco » Nexus 3200 » Version: N/A
When used together with: Cisco » Nexus 3400 » Version: N/A
When used together with: Cisco » Nexus 3500 » Version: N/A
When used together with: Cisco » Nexus 3524-x » Version: N/A
When used together with: Cisco » Nexus 3524-xl » Version: N/A
When used together with: Cisco » Nexus 3548-x » Version: N/A
When used together with: Cisco » Nexus 3548-xl » Version: N/A
When used together with: Cisco » Nexus 3600 » Version: N/A
When used together with: Cisco » Nexus 9000 » Version: N/A
When used together with: Cisco » Nexus 9200 » Version: N/A
When used together with: Cisco » Nexus 9300 » Version: N/A
When used together with: Cisco » Nexus 9500 » Version: N/A
Cisco » Nx-os
Versions from including (>=) 8.2 and before (<) 8.3\(1\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Mds 9000 » Version: N/A
When used together with: Cisco » Mds 9100 » Version: N/A
When used together with: Cisco » Mds 9200 » Version: N/A
When used together with: Cisco » Mds 9500 » Version: N/A
When used together with: Cisco » Mds 9700 » Version: N/A
Cisco » Nx-os
Versions from including (>=) 7.0\(3\)i4 and before (<) 7.0\(3\)i4\(8\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 3000 » Version: N/A
When used together with: Cisco » Nexus 3100 » Version: N/A
When used together with: Cisco » Nexus 3100-z » Version: N/A
When used together with: Cisco » Nexus 3100v » Version: N/A
When used together with: Cisco » Nexus 3200 » Version: N/A
When used together with: Cisco » Nexus 3400 » Version: N/A
When used together with: Cisco » Nexus 3500 » Version: N/A
When used together with: Cisco » Nexus 3524-x » Version: N/A
When used together with: Cisco » Nexus 3524-xl » Version: N/A
When used together with: Cisco » Nexus 3548-x » Version: N/A
When used together with: Cisco » Nexus 3548-xl » Version: N/A
When used together with: Cisco » Nexus 3600 » Version: N/A
When used together with: Cisco » Nexus 9000 » Version: N/A
When used together with: Cisco » Nexus 9200 » Version: N/A
When used together with: Cisco » Nexus 9300 » Version: N/A
When used together with: Cisco » Nexus 9500 » Version: N/A
Cisco » Nx-os
Versions from including (>=) 5.2 and before (<) 8.1\(1b\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Mds 9000 » Version: N/A
When used together with: Cisco » Mds 9100 » Version: N/A
When used together with: Cisco » Mds 9200 » Version: N/A
When used together with: Cisco » Mds 9500 » Version: N/A
When used together with: Cisco » Mds 9700 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-1727

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-1727

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
4.2	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L	0.8	3.4	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-1727

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)
CWE-264

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2019-1727

http://www.securityfocus.com/bid/108341

Cisco NX-OS Software CVE-2019-1727 Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal

Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-1727

Products affected by CVE-2019-1727

Exploit prediction scoring system (EPSS) score for CVE-2019-1727

CVSS scores for CVE-2019-1727

CWE ids for CVE-2019-1727

References for CVE-2019-1727