var-201903-0539
Vulnerability from variot
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). Cisco NX-OS There is an access control vulnerability in the software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is a data center-level operating system software used by a set of switches of Cisco
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0539", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "8.1\\(1b\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "8.3\\(1\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)f3" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)i5" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)i7\\(4\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.3\\(3\\)n1\\(1\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)f3\\(5\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0\\(2\\)a8\\(10\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.2" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.3\\(3\\)d1\\(1\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)f1" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.1\\(5\\)n1\\(1b\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "7.3" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(3\\)i4\\(9\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "8.2" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.2\\(22\\)" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "8.0" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.2\\(25\\)" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "8.1\\(2\\)" }, { "model": "nx-os", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "NVD", "id": "CVE-2019-1601" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:cisco:nx-os", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002530" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "vendor ?? ??", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-183" } ], "trust": 0.6 }, "cve": "CVE-2019-1601", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2019-1601", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-148113", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ykramarz@cisco.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-1601", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-1601", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-1601", "trust": 1.0, "value": "HIGH" }, { "author": "ykramarz@cisco.com", "id": "CVE-2019-1601", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-1601", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201903-183", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-148113", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-148113" }, { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "CNNVD", "id": "CNNVD-201903-183" }, { "db": "NVD", "id": "CVE-2019-1601" }, { "db": "NVD", "id": "CVE-2019-1601" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). Cisco NX-OS There is an access control vulnerability in the software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is a data center-level operating system software used by a set of switches of Cisco", "sources": [ { "db": "NVD", "id": "CVE-2019-1601" }, { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "VULHUB", "id": "VHN-148113" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1601", "trust": 2.5 }, { "db": "BID", "id": "107404", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2019-002530", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201903-183", "trust": 0.7 }, { "db": "NSFOCUS", "id": "42899", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0704.5", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-148113", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-148113" }, { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "CNNVD", "id": "CNNVD-201903-183" }, { "db": "NVD", "id": "CVE-2019-1601" } ] }, "id": "VAR-201903-0539", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-148113" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:06:18.623000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20190306-nxos-file-access", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access" }, { "title": "Cisco NX-OS Software Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89855" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "CNNVD", "id": "CNNVD-201903-183" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-284", "trust": 1.9 }, { "problemtype": "CWE-732", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-148113" }, { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "NVD", "id": "CVE-2019-1601" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/107404" }, { "trust": 1.7, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-nxos-file-access" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1601" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1601" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/42899" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76594" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cisco-nx-os-nexus-multiple-vulnerabilities-28681" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cisco-nx-os-privilege-escalation-via-filesystem-access-28782" } ], "sources": [ { "db": "VULHUB", "id": "VHN-148113" }, { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "CNNVD", "id": "CNNVD-201903-183" }, { "db": "NVD", "id": "CVE-2019-1601" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-148113" }, { "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "db": "CNNVD", "id": "CNNVD-201903-183" }, { "db": "NVD", "id": "CVE-2019-1601" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-08T00:00:00", "db": "VULHUB", "id": "VHN-148113" }, { "date": "2019-04-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "date": "2019-03-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201903-183" }, { "date": "2019-03-08T18:29:00.367000", "db": "NVD", "id": "CVE-2019-1601" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-08T00:00:00", "db": "VULHUB", "id": "VHN-148113" }, { "date": "2019-04-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002530" }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201903-183" }, { "date": "2024-11-21T04:36:54.010000", "db": "NVD", "id": "CVE-2019-1601" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-183" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco NX-OS Software access control vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002530" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201903-183" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.