CVE-2019-1615

CWE-3475 documents5 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 75.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nexus 3000 Series Switches Cisco Nexus 9000 Series Fabric Switches IN ACI Mode Cisco Nexus 9000 Series Switches IN Standalone Nx-os Mode +2 more

Timeline

PublishedMar 11

Latest updateMay 13

Description

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5cisco/nexus_9000_series_fabric_switches_in_aci_modeunspecified — 13.2(1l)

▶CVEListV5cisco/nexus_9000_series_switches_in_standalone_nx-os_modeunspecified — 7.0(3)I7(5)

▶CVEListV5cisco/nexus_9500_r-series_line_cards_and_fabric_modulesunspecified — 7.0(3)F3(5)

▶CVEListV5cisco/nexus_3000_series_switchesunspecified — 7.0(3)I7(5)

▶NVDcisco/nx-os4 versions+3

🔴Vulnerability Details

GHSA

GHSA-hq3r-r6cv-4q73: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-le↗2022-05-13

▶

CVEList

Cisco NX-OS Software Image Signature Verification Vulnerability↗2019-03-11

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software Image Signature Verification Vulnerability↗2019-03-06

▶

💬Community

Bugzilla

CVE-2019-13307 ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows↗2019-07-16

▶