cnvd-2019-42597
Vulnerability from cnvd
Title: Cisco NX-OS Software操作系统命令注入漏洞
Description:
Cisco Nexus 3000 Series Switches等都是美国思科(Cisco)公司的产品。Cisco Nexus 3000 Series Switches是一款3000系列交换机。Cisco Nexus 3500 Platform Switches是一款3500系列平台交换机。Cisco Nexus 3600 Platform Switches是一款3600系列平台交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。
Cisco NX-OS Software中与virtualization manager有关的命令存在操作系统命令注入漏洞,该漏洞源于程序未能充分验证传入到VMAN CLI命令的参数,本地攻击者可利用该漏洞以root权限在底层Linux操作系统上执行任意命令。
Severity: 高
Patch Name: Cisco NX-OS Software操作系统命令注入漏洞的补丁
Patch Description:
Cisco Nexus 3000 Series Switches等都是美国思科(Cisco)公司的产品。Cisco Nexus 3000 Series Switches是一款3000系列交换机。Cisco Nexus 3500 Platform Switches是一款3500系列平台交换机。Cisco Nexus 3600 Platform Switches是一款3600系列平台交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。
Cisco NX-OS Software中与virtualization manager有关的命令存在操作系统命令注入漏洞,该漏洞源于程序未能充分验证传入到VMAN CLI命令的参数,本地攻击者可利用该漏洞以root权限在底层Linux操作系统上执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-nxos-vman-cmd-inj
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12717
Impacted products
| Name | ['Cisco Nexus 3000 Series Switche', 'Cisco Nexus 6000 Series Switches', 'Cisco Nexus 7700 Series Switches', 'Cisco Nexus 5600 Platform Switches', 'Cisco Nexus 5500 Platform Switches', 'Cisco Nexus 3500 Platform Switches', 'Cisco Nexus 7000 Series Switches 0', 'Cisco Nexus 3600 Platform Switches', 'Cisco Nexus 9500 R-Series Switching Platform', 'Cisco Nexus 9000 Series Switches in standalone NX-OS mode'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-12717",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-12717"
}
},
"description": "Cisco Nexus 3000 Series Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Nexus 3000 Series Switches\u662f\u4e00\u6b3e3000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco Nexus 3500 Platform Switches\u662f\u4e00\u6b3e3500\u7cfb\u5217\u5e73\u53f0\u4ea4\u6362\u673a\u3002Cisco Nexus 3600 Platform Switches\u662f\u4e00\u6b3e3600\u7cfb\u5217\u5e73\u53f0\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002\n\nCisco NX-OS Software\u4e2d\u4e0evirtualization manager\u6709\u5173\u7684\u547d\u4ee4\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u4f20\u5165\u5230VMAN CLI\u547d\u4ee4\u7684\u53c2\u6570\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u5728\u5e95\u5c42Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-nxos-vman-cmd-inj",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-42597",
"openTime": "2019-11-28",
"patchDescription": "Cisco Nexus 3000 Series Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Nexus 3000 Series Switches\u662f\u4e00\u6b3e3000\u7cfb\u5217\u4ea4\u6362\u673a\u3002Cisco Nexus 3500 Platform Switches\u662f\u4e00\u6b3e3500\u7cfb\u5217\u5e73\u53f0\u4ea4\u6362\u673a\u3002Cisco Nexus 3600 Platform Switches\u662f\u4e00\u6b3e3600\u7cfb\u5217\u5e73\u53f0\u4ea4\u6362\u673a\u3002Cisco NX-OS Software\u662f\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002\r\n\r\nCisco NX-OS Software\u4e2d\u4e0evirtualization manager\u6709\u5173\u7684\u547d\u4ee4\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u4f20\u5165\u5230VMAN CLI\u547d\u4ee4\u7684\u53c2\u6570\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u5728\u5e95\u5c42Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco NX-OS Software\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco Nexus 3000 Series Switche",
"Cisco Nexus 6000 Series Switches",
"Cisco Nexus 7700 Series Switches",
"Cisco Nexus 5600 Platform Switches",
"Cisco Nexus 5500 Platform Switches",
"Cisco Nexus 3500 Platform Switches",
"Cisco Nexus 7000 Series Switches 0",
"Cisco Nexus 3600 Platform Switches",
"Cisco Nexus 9500 R-Series Switching Platform",
"Cisco Nexus 9000 Series Switches in standalone NX-OS mode"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-12717",
"serverity": "\u9ad8",
"submitTime": "2019-09-26",
"title": "Cisco NX-OS Software\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…