CVE-2019-1607

CWE-77Command InjectionCWE-885 documents5 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 69.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus 7000 AND 7700 Series SwitchesCisco Nx-os
Timeline
PublishedMar 8
Latest updateMay 13

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating s

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/nexus_7000_and_7700_series_switchesunspecified6.2(22)+2
NVDcisco/nx-os8.08.2\(3\)+2

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-f9j7-2567-jg9h: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat2022-05-13
CVEList
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)2019-03-08

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)2019-03-06