CVE-2019-1732
published 2019-05-15CVE-2019-1732: A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator…
medium6.4CVSS 3.1
AVLACHPRHUINSUCHIHAH
A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_nx-os_software | >= unspecified < 8.3(1) | 8.3(1) |
| cisco | nx-os | — | — |
| cisco | nx-os | >= 7.0\(3\)i4 < 7.0\(3\)i7\(4\) | 7.0\(3\)i7\(4\) |
| cisco | nx_os | >= 7.0\(3\) < 7.0\(3\)f3\(5\) | 7.0\(3\)f3\(5\) |