CVE-2019-1614

CWE-77 — Command Injection CWE-78 — OS Command Injection5 documents5 sources

Severity

8.8HIGH

EPSS

1.0%

top 22.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco MDS 9000 Series Multilayer Switches Cisco Nexus 3000 Series Switches Cisco Nexus 3500 Platform Switches +3 more

Timeline

PublishedMar 11

Latest updateMay 13

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a comm…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5cisco/nexus_9000_series_switches_in_standalone_nx-os_modeunspecified — 7.0(3)I4(9)+1

▶CVEListV5cisco/nexus_7000_and_7700_series_switchesunspecified — 7.3(3)D1(1)+1

▶CVEListV5cisco/nexus_3000_series_switchesunspecified — 7.0(3)I4(9)+1

▶CVEListV5cisco/mds_9000_series_multilayer_switchesunspecified — 8.1(1b)+1

▶CVEListV5cisco/nexus_3500_platform_switchesunspecified — 7.0(3)I7(4)

🔴Vulnerability Details

GHSA

GHSA-hq92-fm59-p6hc: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root pr↗2022-05-13

▶

CVEList

Cisco NX-OS Software NX-API Command Injection Vulnerability↗2019-03-11

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software NX-API Command Injection Vulnerability↗2019-03-06

▶

💬Community

Bugzilla

CVE-2019-13304 ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment↗2019-07-16

▶