CVE-2019-1734

CWE-200 — Information Exposure4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 57.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Nx-os Software Cisco Firepower Extensible Operating System Cisco Nx-os

Timeline

PublishedNov 5

Latest updateMay 24

Description

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnos…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5cisco/cisco_nx-os_softwareunspecified — 6.2(7)

▶NVDcisco/firepower_extensible_operating_system2.3 — 2.3.1.111+2

▶NVDcisco/nx-os7.0\(3\)i7 — 7.0\(3\)i7\(6\)+9

🔴Vulnerability Details

GHSA

GHSA-ccrq-mrj7-rq78: A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local↗2022-05-24

▶

CVEList

Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability↗2019-11-05

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability↗2019-05-15

▶