CVE-2019-1613

CWE-77Command InjectionCWE-885 documents5 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 80.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Cisco MDS 9000 Series Multilayer SwitchesCisco Nexus 3000 Series SwitchesCisco Nexus 3500 Platform Switches+5 more
Timeline
PublishedMar 11
Latest updateMay 13

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating s

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5cisco/nexus_9000_series_switches_in_standalone_nx-os_modeunspecified7.0(3)I4(9)+1
CVEListV5cisco/nexus_7000_and_7700_series_switchesunspecified6.2(22)+1
CVEListV5cisco/nexus_3000_series_switchesunspecified7.0(3)I4(9)+1
CVEListV5cisco/nexus_9500_r-series_line_cards_and_fabric_modulesunspecified7.0(3)F3(5)
CVEListV5cisco/nexus_3500_platform_switchesunspecified6.0(2)A8(11)+1

🔴Vulnerability Details

2
GHSA
GHSA-hrx3-8v75-xqrh: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat2022-05-13
CVEList
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)2019-03-11

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)2019-03-06

💬Community

1
Bugzilla
CVE-2019-13305 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error2019-07-16
CVE-2019-1613 (MEDIUM CVSS 6.7) | A vulnerability in the CLI of Cisco | cvebase.io