CVE-2019-1728Improper Verification of Cryptographic Signature in Cisco Nx-os Software

CWE-347Improper Verification of Cryptographic Signature6 documents6 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 70.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedMay 15
Latest updateMay 24

Description

A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configu

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified8.3(1)
NVDcisco/nx-os8.18.1\(1b\)+10

🔴Vulnerability Details

2
GHSA
GHSA-27c7-fgf3-w57p: A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, loc2022-05-24
CVEList
Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability2019-05-15

📋Vendor Advisories

2
Microsoft
System Center Operations Manager Elevation of Privilege Vulnerability2021-02-09
Cisco
Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability2019-05-15

💬Community

1
Bugzilla
CVE-2019-10138 python-novajoin: novajoin API lacks access control2019-01-29
CVE-2019-1728 — Cisco Nx-os Software vulnerability | cvebase