cbcvebase.
CVE-2019-1809
published 2019-05-15

CVE-2019-1809: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level…

medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_nx-os_software>= unspecified < 8.3(1)8.3(1)
cisconx-os
cisconx-os>= 3.1 < 3.2\(3k\)3.2\(3k\)
cisconx-os>= 7.2 < 7.3\(3\)d1\(1\)7.3\(3\)d1\(1\)
cisconx-os>= 7.3 < 8.1\(1a\)8.1\(1a\)
cisconx-os>= 8.0 < 8.2\(3\)8.2\(3\)
cisconx-os>= 8.2 < 8.3\(1\)8.3\(1\)
msrcmicrosoft_net_framework_2.0_service_pack_2
msrcmicrosoft_net_framework_3.0_service_pack_2
msrcmicrosoft_net_framework_3.5
msrcmicrosoft_net_framework_3.5.1
msrcmicrosoft_net_framework_3.5_and_4.7.2
msrcmicrosoft_net_framework_3.5_and_4.8
msrcmicrosoft_net_framework_4.5.2
msrcmicrosoft_net_framework_4.6
msrcmicrosoft_net_framework_4.6_4.6.1_4.6.2
msrcmicrosoft_net_framework_4.6_4.6.1_4.6.2_4.7_4.7.1_4.7.2
msrcmicrosoft_net_framework_4.8
msrcwindows_10_version_1809_for_32-bit_systems
msrcwindows_10_version_1809_for_arm64-based_systems
msrcwindows_10_version_1809_for_x64-based_systems
msrcwindows_10_version_20h2_for_32-bit_systems
msrcwindows_10_version_20h2_for_arm64-based_systems
msrcwindows_10_version_21h1_for_32-bit_systems
msrcwindows_10_version_21h1_for_arm64-based_systems