CVE-2019-1591 — OS Command Injection in Cisco Nx-os

CWE-264 CWE-78 — OS Command Injection5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 53.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os Cisco Nx-os Software FOR Nexus 9000 Series Fabric Switches ACI Mode

Timeline

PublishedMar 6

Latest updateMay 13

Description

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allo…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_nx-os_software_for_nexus_9000_series_fabric_switches_aci_mode14.0(3d)

▶NVDcisco/nx-os< 14.0\(3d\)

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-9285-57jw-cj77: A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attac↗2022-05-13

▶

CVEList

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability↗2019-03-06

▶

📋Vendor Advisories

Cisco

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability↗2019-03-06

▶

💬Community

Bugzilla

CVE-2019-10165 openshift: OAuth access tokens written in plaintext to API server audit logs↗2019-06-11

▶