CVE-2019-1767Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Nx-os Software

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-78OS Command InjectionCWE-77Command Injection4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.2%
top 55.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedMay 15
Latest updateMay 24

Description

A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified8.3(1)
NVDcisco/nx-os< 8.3\(1\)

🔴Vulnerability Details

2
GHSA
GHSA-xg28-jx54-8mvj: Multiple vulnerabilities in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with ad2022-05-24
CVEList
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability2019-05-15

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities2019-05-15
CVE-2019-1767 — Cisco Nx-os Software vulnerability | cvebase