CVE-2019-1600
Vulnerability from cvelistv5
Published
2019-03-07 20:00
Modified
2024-11-20 17:26
Summary
Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability
Impacted products
Vendor Product Version
Cisco Firepower 9300 Series Next-Generation Firewalls Version: unspecified   < 2.2.2.91
Version: unspecified   < 2.3.1.110
Cisco MDS 9000 Series Multilayer Switches Version: unspecified   < 6.2(25)
Version: unspecified   < 8.1(1b)
Version: unspecified   < 8.3(1)
Cisco Nexus 3000 Series Switches Version: unspecified   < 7.0(3)I4(9)
Version: unspecified   < 7.0(3)I7(4)
Cisco Nexus 3500 Platform Switches Version: unspecified   < 6.0(2)A8(10)
Version: unspecified   < 7.0(3)I7(4)
Cisco Nexus 3600 Platform Switches Version: unspecified   < 7.0(3)F3(5)
Cisco Nexus 2000, 5500, 5600, and 6000 Series Switches Version: unspecified   < 7.1(5)N1(1b)
Version: unspecified   < 7.3(3)N1(1)
Cisco Nexus 7000 and 7700 Series Switches Version: unspecified   < 6.2(22)
Version: unspecified   < 7.3(3)D1(1)
Version: unspecified   < 8.2(3)
Cisco Nexus 9000 Series Switches-Standalone Version: unspecified   < 7.0(3)I4(9)
Version: unspecified   < 7.0(3)I7(4)
Cisco Nexus 9500 R-Series Line Cards and Fabric Modules Version: unspecified   < 7.0(3)F3(5)
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107399",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107399"
          },
          {
            "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
          },
          {
            "name": "107404",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107404"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T16:55:46.371130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T17:26:53.055Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firepower 4100 Series Next-Generation Firewalls",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "2.2.2.91",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "2.3.1.110",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firepower 9300 Series Next-Generation Firewalls",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "2.2.2.91",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "2.3.1.110",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MDS 9000 Series Multilayer Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2(25)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1(1b)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 3000 Series Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "7.0(3)I4(9)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0(3)I7(4)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 3500 Platform Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.0(2)A8(10)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0(3)I7(4)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 3600 Platform Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "7.0(3)F3(5)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "7.1(5)N1(1b)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3(3)N1(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 7000 and 7700 Series Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2(22)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3(3)D1(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2(3)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 9000 Series Switches-Standalone",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "7.0(3)I4(9)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0(3)I7(4)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Nexus 9500 R-Series Line Cards and Fabric Modules",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "7.0(3)F3(5)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-03-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-15T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "107399",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107399"
        },
        {
          "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
        },
        {
          "name": "107404",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107404"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190306-nxos-directory",
        "defect": [
          [
            "CSCvh75886",
            "CSCvh75949",
            "CSCvi96549",
            "CSCvi96551",
            "CSCvi96554",
            "CSCvi96559"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
          "ID": "CVE-2019-1600",
          "STATE": "PUBLIC",
          "TITLE": "Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firepower 4100 Series Next-Generation Firewalls",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.2.2.91"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.3.1.110"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firepower 9300 Series Next-Generation Firewalls",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.2.2.91"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.3.1.110"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MDS 9000 Series Multilayer Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2(25)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.1(1b)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.3(1)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 3000 Series Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I4(9)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I7(4)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 3500 Platform Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.0(2)A8(10)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I7(4)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 3600 Platform Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)F3(5)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.1(5)N1(1b)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.3(3)N1(1)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 7000 and 7700 Series Switches",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2(22)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.3(3)D1(1)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "8.2(3)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 9000 Series Switches-Standalone",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I4(9)"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)I7(4)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "7.0(3)F3(5)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107399",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107399"
            },
            {
              "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
            },
            {
              "name": "107404",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107404"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190306-nxos-directory",
          "defect": [
            [
              "CSCvh75886",
              "CSCvh75949",
              "CSCvi96549",
              "CSCvi96551",
              "CSCvi96554",
              "CSCvi96559"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1600",
    "datePublished": "2019-03-07T20:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-20T17:26:53.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-1600\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2019-03-07T20:29:00.343\",\"lastModified\":\"2024-11-21T04:36:53.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en los permisos de sistema de archivos del software Cisco FXOS y Cisco NX-OS podr\u00eda permitir que un atacante local autenticado acceda a informaci\u00f3n sensible que se almacena en el sistema de archivos de un sistema afectado. Esta vulnerabilidad se debe a la implementaci\u00f3n incorrecta de permisos de sistemas de archivos. Un atacante podr\u00eda explotar esta vulnerabilidad modificando y accediendo a los archivos restringidos. Un exploit con \u00e9xito podr\u00eda permitir que el atacante acceda a archivos cr\u00edticos y sensibles. Los firewalls de Firepower 4100 Series Next-Generation se ven afectados en versiones anteriores a las 2.2.2.91 y 2.3.1.110. Los firewalls de Firepower 9300 Series Next-Generation se ven afectados en versiones anteriores a las 2.2.2.91 y 2.3.1.110. Los switches de MDS 9000 Series Multilayer se ven afectados en versiones anteriores a las 6.2(25), 8.1(1b) y 8.3(1). Los switches de Nexus 3000 Series se ven afectados en versiones anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de Nexus 3500 Platform se ven afectados en versiones anteriores a la 6.0(2)A8(10) y 7.0(3)I7(4). Los switches de Nexus 3600 Platform se ven afectados en versiones anteriores a la 7.0(3)F3(5). Los switches de Nexus, en sus series 5500, 5600 y 6000, se ven afectados en versiones anteriores a las 7.1(5)N1(1b) y 7.3(3)N1(1). Los switches de Nexus, en sus series 7000 y 7700, se ven afectados en versiones anteriores a las 6.2(22), 7.3(3)D1(1) y 8.2(3). Los switches de Nexus 9000 Series-Standalone se ven afectados en versiones anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de Nexus 9500 R-Series Line Cards y Fabric Modules se ven afectados en versiones anteriores a la 7.0(3)F3(5).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1\",\"versionEndExcluding\":\"2.2.2.91\",\"matchCriteriaId\":\"564FA53C-9818-46CF-A477-5CD792DB55A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"2.3.1.110\",\"matchCriteriaId\":\"05C90B52-C307-4353-87BA-9C844DA407B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9552E6-0B9B-4B32-BE79-90D4E3887A7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAFDDA-718B-4B69-A524-B0CEB80FE960\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2\",\"versionEndExcluding\":\"8.3\\\\(1\\\\)\",\"matchCriteriaId\":\"F4863FC5-6578-48DE-838D-E5D2EEFF27B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\\\\(3\\\\)i5\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i7\\\\(4\\\\)\",\"matchCriteriaId\":\"C59A80D2-51B2-42C4-8FAA-F00A42388F90\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FFC5E8-CC5A-4D31-A63A-19E72EC442AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\\\\(3\\\\)\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i7\\\\(4\\\\)\",\"matchCriteriaId\":\"F24A8F48-7C57-40DD-AF84-3CB2940611DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E1073F-D374-4311-8F12-AD8C72FAA293\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\\\\(3\\\\)f3\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)f3\\\\(5\\\\)\",\"matchCriteriaId\":\"AB649123-3091-4A8E-A992-42E7BAE299ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97217080-455C-48E4-8CE1-6D5B9485864F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2\",\"versionEndExcluding\":\"7.3\\\\(3\\\\)n1\\\\(1\\\\)\",\"matchCriteriaId\":\"245920C2-3FEF-45FB-ADD5-ACD3BB32F880\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB2FDB70-C681-4927-97F4-2B466E718859\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC8699E-81C0-4374-B827-71B3916B910D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"870F4379-68F6-4B34-B99B-107DFE0DBD63\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A58223F-3B15-420B-A6D4-841451CF0380\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.2\\\\(3\\\\)\",\"matchCriteriaId\":\"B8882184-A5B1-4F67-B942-FDEE2FFD43F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\\\\(3\\\\)i5\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i7\\\\(4\\\\)\",\"matchCriteriaId\":\"C59A80D2-51B2-42C4-8FAA-F00A42388F90\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EBEBA5B-5589-417B-BF3B-976083E9FE54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\\\\(3\\\\)f1\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)f3\\\\(5\\\\)\",\"matchCriteriaId\":\"5C856C77-493C-4543-8958-A9AEBBDCBBDD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3\",\"versionEndExcluding\":\"8.1\\\\(1b\\\\)\",\"matchCriteriaId\":\"86770ECC-BC1D-42BC-A65B-FCE598491BEE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.\",\"versionEndExcluding\":\"6.2\\\\(25\\\\)\",\"matchCriteriaId\":\"9F027C2C-7730-4023-A078-A024103328DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i4\\\\(9\\\\)\",\"matchCriteriaId\":\"92B576CF-5EAD-4830-A7B7-ACC434349691\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10FFC5E8-CC5A-4D31-A63A-19E72EC442AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0\\\\(2\\\\)a8\\\\(10\\\\)\",\"matchCriteriaId\":\"6B1386A3-38D8-40A7-9828-AF76A910F533\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E1073F-D374-4311-8F12-AD8C72FAA293\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\\\\(5\\\\)n1\\\\(1b\\\\)\",\"matchCriteriaId\":\"934E7941-C773-4032-944B-4AC57FB11D23\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB2FDB70-C681-4927-97F4-2B466E718859\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC8699E-81C0-4374-B827-71B3916B910D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"870F4379-68F6-4B34-B99B-107DFE0DBD63\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A58223F-3B15-420B-A6D4-841451CF0380\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2\",\"versionEndExcluding\":\"7.3\\\\(3\\\\)d1\\\\(1\\\\)\",\"matchCriteriaId\":\"3411F8C2-D65A-46CF-9563-0A9866462491\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2\\\\(22\\\\)\",\"matchCriteriaId\":\"A67D92F3-7EE1-4CFD-9608-4E35994C1BC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i4\\\\(9\\\\)\",\"matchCriteriaId\":\"92B576CF-5EAD-4830-A7B7-ACC434349691\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EBEBA5B-5589-417B-BF3B-976083E9FE54\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107399\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/107404\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107399\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/107404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.