cnvd-2019-26405
Vulnerability from cnvd
Title: Cisco NX-OS Software和Cisco FXOS Software命令注入漏洞
Description:
Cisco Firepower 4100 Series等都是美国思科(Cisco)公司的产品。Cisco Firepower 4100 Series是一款4100系列的防火墙设备。Cisco FXOS Software是一套运行在思科安全设备中的防火墙软件。Cisco Nexus 3000 Series Switches是一款3000系列交换机。Cisco MDS 9000 Series Multilayer Switches是一款MDS 9000系列多层交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。
Cisco NX-OS Software和Cisco FXOS Software中的CLI存在命令注入漏洞,该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素,攻击者可利用该漏洞执行非法命令。
Severity: 高
Patch Name: Cisco NX-OS Software和Cisco FXOS Software命令注入漏洞的补丁
Patch Description:
Cisco Firepower 4100 Series等都是美国思科(Cisco)公司的产品。Cisco Firepower 4100 Series是一款4100系列的防火墙设备。Cisco FXOS Software是一套运行在思科安全设备中的防火墙软件。Cisco Nexus 3000 Series Switches是一款3000系列交换机。Cisco MDS 9000 Series Multilayer Switches是一款MDS 9000系列多层交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。
Cisco NX-OS Software和Cisco FXOS Software中的CLI存在命令注入漏洞,该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素,攻击者可利用该漏洞执行非法命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780
Reference: https://web.nvd.nist.gov//vuln/detail/CVE-2019-1780 http://www.securityfocus.com/bid/108392
Impacted products
| Name | ['Cisco Nexus 3000 Series Switche', 'Cisco Nexus 6000 Series Switches', 'Cisco Firepower 4100 Series', 'Cisco Nexus 7700 Series Switches', 'Cisco Nexus 5600 Platform Switches', 'Cisco Nexus 5500 Platform Switches', 'Cisco Nexus 3500 Platform Switches', 'Cisco Nexus 7000 Series Switches 0', 'Cisco Nexus 3600 Platform Switches', 'Cisco MDS 9000 Series Multilayer Switches', 'Cisco Switches in standalone NX-OS mode', 'Cisco Firepower 9300 Security Appliances', 'Cisco Nexus 9500 R-Series Switching Platform', 'Cisco Nexus 9000 Series'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "108392"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2019-1780",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1780"
}
},
"description": "Cisco Firepower 4100 Series\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Firepower 4100 Series\u662f\u4e00\u6b3e4100\u7cfb\u5217\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002Cisco FXOS Software\u662f\u4e00\u5957\u8fd0\u884c\u5728\u601d\u79d1\u5b89\u5168\u8bbe\u5907\u4e2d\u7684\u9632\u706b\u5899\u8f6f\u4ef6\u3002Cisco Nexus 3000 Series Switches\u662f\u4e00\u6b3e3000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco MDS 9000 Series Multilayer Switches\u662f\u4e00\u6b3eMDS 9000\u7cfb\u5217\u591a\u5c42\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002\n\nCisco NX-OS Software\u548cCisco FXOS Software\u4e2d\u7684CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002",
"discovererName": "Cisco",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-26405",
"openTime": "2019-08-08",
"patchDescription": "Cisco Firepower 4100 Series\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Firepower 4100 Series\u662f\u4e00\u6b3e4100\u7cfb\u5217\u7684\u9632\u706b\u5899\u8bbe\u5907\u3002Cisco FXOS Software\u662f\u4e00\u5957\u8fd0\u884c\u5728\u601d\u79d1\u5b89\u5168\u8bbe\u5907\u4e2d\u7684\u9632\u706b\u5899\u8f6f\u4ef6\u3002Cisco Nexus 3000 Series Switches\u662f\u4e00\u6b3e3000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco MDS 9000 Series Multilayer Switches\u662f\u4e00\u6b3eMDS 9000\u7cfb\u5217\u591a\u5c42\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002\r\n\r\nCisco NX-OS Software\u548cCisco FXOS Software\u4e2d\u7684CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco NX-OS Software\u548cCisco FXOS Software\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco Nexus 3000 Series Switche",
"Cisco Nexus 6000 Series Switches",
"Cisco Firepower 4100 Series",
"Cisco Nexus 7700 Series Switches",
"Cisco Nexus 5600 Platform Switches",
"Cisco Nexus 5500 Platform Switches",
"Cisco Nexus 3500 Platform Switches",
"Cisco Nexus 7000 Series Switches 0",
"Cisco Nexus 3600 Platform Switches",
"Cisco MDS 9000 Series Multilayer Switches",
"Cisco Switches in standalone NX-OS mode",
"Cisco Firepower 9300 Security Appliances",
"Cisco Nexus 9500 R-Series Switching Platform",
"Cisco Nexus 9000 Series"
]
},
"referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2019-1780\r\nhttp://www.securityfocus.com/bid/108392",
"serverity": "\u9ad8",
"submitTime": "2019-05-16",
"title": "Cisco NX-OS Software\u548cCisco FXOS Software\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…