CVE-2019-1769 : A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated,

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Published 2019-05-15 20:29:01

Updated 2023-03-24 18:04:28

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2019-1769

Cisco » Nx-os
Versions from including (>=) 7.0\(3\) and before (<) 7.0\(3\)f3\(5\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » N9k-c9504-fm-r » Version: N/A
When used together with: Cisco » N9k-c9508-fm-r » Version: N/A
When used together with: Cisco » N9k-x96136yc-r » Version: N/A
When used together with: Cisco » N9k-x9636c-r » Version: N/A
When used together with: Cisco » N9k-x9636c-rx » Version: N/A
When used together with: Cisco » N9k-x9636q-r » Version: N/A
When used together with: Cisco » Nexus 36180yc-r » Version: N/A
When used together with: Cisco » Nexus 3636c-r » Version: N/A
When used together with: Cisco » X96136yc-r » Version: N/A
When used together with: Cisco » X9636c-r » Version: N/A
When used together with: Cisco » X9636c-rx » Version: N/A
When used together with: Cisco » X9636q-r » Version: N/A
Cisco » Nx-os
Versions before (<) 7.0\(3\)i7\(6\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 3016 » Version: N/A
When used together with: Cisco » Nexus 3048 » Version: N/A
When used together with: Cisco » Nexus 3064 » Version: N/A
When used together with: Cisco » Nexus 3064-t » Version: N/A
When used together with: Cisco » Nexus 31108pc-v » Version: N/A
When used together with: Cisco » Nexus 31108tc-v » Version: N/A
When used together with: Cisco » Nexus 31128pq » Version: N/A
When used together with: Cisco » Nexus 3132c-z » Version: N/A
When used together with: Cisco » Nexus 3132q » Version: N/A
When used together with: Cisco » Nexus 3132q-v » Version: N/A
When used together with: Cisco » Nexus 3132q-xl » Version: N/A
When used together with: Cisco » Nexus 3164q » Version: N/A
When used together with: Cisco » Nexus 3172 » Version: N/A
When used together with: Cisco » Nexus 3172pq-xl » Version: N/A
When used together with: Cisco » Nexus 3172tq » Version: N/A
When used together with: Cisco » Nexus 3172tq-32t » Version: N/A
When used together with: Cisco » Nexus 3172tq-xl » Version: N/A
When used together with: Cisco » Nexus 3232c » Version: N/A
When used together with: Cisco » Nexus 3264c-e » Version: N/A
When used together with: Cisco » Nexus 3264q » Version: N/A
When used together with: Cisco » Nexus 34180yc » Version: N/A
When used together with: Cisco » Nexus 3464c » Version: N/A
When used together with: Cisco » Nexus 3524 » Version: N/A
When used together with: Cisco » Nexus 3524-x » Version: N/A
When used together with: Cisco » Nexus 3524-x/xl » Version: N/A
When used together with: Cisco » Nexus 3524-xl » Version: N/A
When used together with: Cisco » Nexus 3548 » Version: N/A
When used together with: Cisco » Nexus 3548-x » Version: N/A
When used together with: Cisco » Nexus 3548-x/xl » Version: N/A
When used together with: Cisco » Nexus 3548-xl » Version: N/A
When used together with: Cisco » Nexus 36180yc-r » Version: N/A
When used together with: Cisco » Nexus 3636c-r » Version: N/A
When used together with: Cisco » Nexus 9200yc » Version: N/A
When used together with: Cisco » Nexus 92304qc » Version: N/A
When used together with: Cisco » Nexus 9236c » Version: N/A
When used together with: Cisco » Nexus 9272q » Version: N/A
When used together with: Cisco » Nexus 93108tc-ex » Version: N/A
When used together with: Cisco » Nexus 93108tc-fx » Version: N/A
When used together with: Cisco » Nexus 93120tx » Version: N/A
When used together with: Cisco » Nexus 93128tx » Version: N/A
When used together with: Cisco » Nexus 93180lc-ex » Version: N/A
When used together with: Cisco » Nexus 93180yc-ex » Version: N/A
When used together with: Cisco » Nexus 93180yc-fx » Version: N/A
When used together with: Cisco » Nexus 93240tc-fx2 » Version: N/A
When used together with: Cisco » Nexus 9332c » Version: N/A
When used together with: Cisco » Nexus 9332pq » Version: N/A
When used together with: Cisco » Nexus 9336pq Aci » Version: N/A
When used together with: Cisco » Nexus 9348gc-fxp » Version: N/A
When used together with: Cisco » Nexus 9372px » Version: N/A
When used together with: Cisco » Nexus 9372px-e » Version: N/A
When used together with: Cisco » Nexus 9372tx » Version: N/A
When used together with: Cisco » Nexus 9372tx-e » Version: N/A
When used together with: Cisco » Nexus 9396px » Version: N/A
When used together with: Cisco » Nexus 9396tx » Version: N/A
When used together with: Cisco » Nexus 9508 » Version: N/A
When used together with: Cisco » Nexus 9516 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-1769

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-1769

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.7	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-1769

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)

References for CVE-2019-1769

http://www.securityfocus.com/bid/108393

Cisco NX-OS CVE-2019-1769 Local Command Injection Vulnerability
Broken Link;Third Party Advisory;VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-linecardinj-1769

Cisco NX-OS Software Line Card Command Injection Vulnerability (CVE-2019-1769)
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-1769

Products affected by CVE-2019-1769

Exploit prediction scoring system (EPSS) score for CVE-2019-1769

CVSS scores for CVE-2019-1769

CWE ids for CVE-2019-1769

References for CVE-2019-1769