CVE-2019-1809Improper Verification of Cryptographic Signature in Cisco Nx-os Software

CWE-347Improper Verification of Cryptographic Signature34 documents7 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 87.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedMay 15
Latest updateJul 7

Description

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified8.3(1)
NVDcisco/nx-os7.38.1\(1a\)+4

🔴Vulnerability Details

2
GHSA
GHSA-7g3p-mpgp-q5c5: A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-le2022-05-24
CVEList
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability2019-05-15

💥Exploits & PoCs

25
Exploit-DB
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution2023-07-07
Exploit-DB
Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)2020-01-13
Exploit-DB
AppXSvc 17763 - Arbitrary File Overwrite (DoS)2019-12-11
Exploit-DB
AppXSvc - Privilege Escalation2019-09-16
Exploit-DB
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass2019-08-26

📋Vendor Advisories

2
Microsoft
.NET Framework Remote Code Execution Vulnerability2020-08-11
Cisco
Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability2019-05-15
CVE-2019-1809 — Cisco Nx-os Software vulnerability | cvebase