CVE-2019-12662Improper Verification of Cryptographic Signature in Cisco Nx-os Software 6.0 A1

CWE-347Improper Verification of Cryptographic Signature4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 90.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Nx-os Software 6.0 A1Cisco IOS XECisco Nx-os
Timeline
PublishedSep 25
Latest updateMay 24

Description

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an af

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5cisco/cisco_nx-os_software_6.0_a1unspecifiedn/a
NVDcisco/nx-os4 versions+3
NVDcisco/ios_xe16.8.1

🔴Vulnerability Details

2
GHSA
GHSA-pqr2-367x-jwhw: A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege l2022-05-24
CVEList
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability2019-09-25

📋Vendor Advisories

1
Cisco
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability2019-09-25
CVE-2019-12662 — Cisco vulnerability | cvebase