Severity: 4.4 MEDIUM
EPSS: 0.1% (top 68.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 7 | Latest update Sep 17

Description

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages (11 packages)

CVEListV5 | cisco/nexus_9000_series_switches-standalone | unspecified | 7.0(3)I4(9) | +1
CVEListV5 | cisco/nexus_7000_and_7700_series_switches | unspecified | 6.2(22) | +2
CVEListV5 | cisco/nexus_3000_series_switches | unspecified | 7.0(3)I4(9) | +1
CVEListV5 | cisco/nexus_9500_r-series_line_cards_and_fabric_modules | unspecified | 7.0(3)F3(5)
CVEListV5 | cisco/mds_9000_series_multilayer_switches | unspecified | 6.2(25) | +2

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-jxp7-39vp-v468: A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access | 2022-05-11
CVEList | Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability | 2019-03-07

📋 Vendor Advisories (2)

Red Hat | kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read | 2025-09-17
Cisco | Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability | 2019-03-06

💬 Community (3)

Bugzilla | CVE-2023-53344 kernel: Linux Kernel: Denial of Service in CAN BCM due to uninitialized memory read | 2025-09-17
Bugzilla | CVE-2019-13134 ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c | 2019-07-02
Bugzilla | CVE-2019-13133 ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c | 2019-07-02
CVE-2019-1600 (MEDIUM CVSS 4.4) | A vulnerability in the file system | cvebase.io