CVE-2019-1729 — Improper Input Validation in Cisco Nx-os Software

CWE-20 — Improper Input Validation CWE-347 — Improper Verification of Cryptographic Signature4 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 73.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os Software Cisco Nx-os

Timeline

PublishedMay 15

Latest updateMay 24

Description

A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_nx-os_softwareunspecified — 8.3(1)

▶NVDcisco/nx-os7.0\(3\)i7 — 7.0\(3\)i7\(4\)+2

🔴Vulnerability Details

GHSA

GHSA-r2c4-53pj-jrgp: A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, loca↗2022-05-24

▶

CVEList

Cisco NX-OS Software Arbitrary File Overwrite Vulnerability↗2019-05-15

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software Arbitrary File Overwrite Vulnerability↗2019-05-15

▶