CVE-2019-1726Improper Input Validation in Cisco Nx-os Software

CWE-20Improper Input ValidationCWE-78OS Command Injection4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedMay 15
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access inter

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified6.2(25)+3
NVDcisco/nx-os5.26.2\(25\)+9

🔴Vulnerability Details

2
GHSA
GHSA-vf5v-h8cw-pwgf: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted2022-05-24
CVEList
Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability2019-05-15

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability2019-05-16
CVE-2019-1726 — Improper Input Validation in Cisco | cvebase