CVE-2019-1587Improper Input Validation in Cisco Application Policy Infrastructure Controller

CWE-399CWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 39.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Application Policy Infrastructure ControllerCisco Nx-os
Timeline
PublishedMay 3
Latest updateMay 24

Description

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successf

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_application_policy_infrastructure_controllerunspecified4.2(0.33c)
NVDcisco/nx-os8.3\(0\)sk\(0.39\)

🔴Vulnerability Details

2
GHSA
GHSA-mh5m-6p72-9p94: A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attac2022-05-24
CVEList
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Query Information Disclosure Vulnerability2019-05-03

📋Vendor Advisories

1
Cisco
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Filter Query Information Disclosure Vulnerability2019-05-01
CVE-2019-1587 — Improper Input Validation in Cisco | cvebase