CVE-2019-1618

CWE-275CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 59.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus 9000 Series Switches IN Standalone Nx-os ModeCisco Nx-os
Timeline
PublishedMar 11
Latest updateMay 13

Description

A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/nexus_9000_series_switches_in_standalone_nx-os_modeunspecified7.0(3)I7(5)
NVDcisco/nx-os7.0\(3\)i47.0\(3\)i7\(5\)

🔴Vulnerability Details

2
GHSA
GHSA-j323-5f92-wmq5: A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local att2022-05-13
CVEList
Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability2019-03-11

📋Vendor Advisories

1
Cisco
Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability2019-03-06