CVE-2019-1585: Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode vulnerability

CWE-16 | 5 documents | 5 sources
Severity: 7.8 HIGH (NVD), 6.7 (CNA)
EPSS: 0.2% (top 59.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 6, latest update May 13

Description

A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrativ

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 3 packages

🔴 Vulnerability Details (2)

GHSA (2022-05-13): GHSA-wmmj-3h5w-9p89: A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local
CVEList (2019-03-06): Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability

📋 Vendor Advisories (1)

Cisco (2019-03-06): Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability

💬 Community (1)

Bugzilla (2019-07-17): CVE-2019-13301 ImageMagick: memory leaks in AcquireMagickMemory
CVE-2019-1585 — Cisco vulnerability | cvebase