CVE-2019-1604

CWE-285 CWE-863 — Incorrect Authorization5 documents5 sources

Severity

7.8HIGH

EPSS

0.3%

top 48.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nexus 3000 Series Switches Cisco Nexus 3500 Platform Switches Cisco Nexus 3600 Platform Switches +4 more

Timeline

PublishedMar 8

Latest updateMay 13

Description

A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5cisco/nexus_7000_and_7700_series_switchesunspecified — 6.2(22)+2

▶CVEListV5cisco/nexus_9000_series_switches-standaloneunspecified — 7.0(3)I7(4)

▶CVEListV5cisco/nexus_3000_series_switchesunspecified — 7.0(3)I7(4)

▶CVEListV5cisco/nexus_9500_r-series_line_cards_and_fabric_modulesunspecified — 7.0(3)F3(5)

▶CVEListV5cisco/nexus_3500_platform_switchesunspecified — 7.0(3)I7(4)

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-jcrc-3h9p-854j: A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privile↗2022-05-13

▶

CVEList

Cisco NX-OS Software Privilege Escalation Vulnerability↗2019-03-08

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software Privilege Escalation Vulnerability↗2019-03-06

▶

💬Community

Bugzilla

CVE-2019-13296 ImageMagick: direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value↗2019-07-17

▶