CVE-2019-1608

CWE-77Command InjectionCWE-885 documents5 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 75.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco MDS 9000 Series Multilayer SwitchesCisco Nexus 7000 AND 7700 Series SwitchesCisco Nx-os
Timeline
PublishedMar 8
Latest updateMay 13

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating s

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5cisco/nexus_7000_and_7700_series_switchesunspecified6.2(22)+2
CVEListV5cisco/mds_9000_series_multilayer_switchesunspecified6.2(27)+2
NVDcisco/nx-os8.28.3\(1\)+5

🔴Vulnerability Details

2
GHSA
GHSA-9p57-w95j-8fjh: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat2022-05-13
CVEList
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)2019-03-08

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)2019-03-06

💬Community

1
Bugzilla
CVE-2019-13295 ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled2019-07-17
CVE-2019-1608 (MEDIUM CVSS 6.7) | A vulnerability in the CLI of Cisco | cvebase.io