CVE-2019-1810Improper Verification of Cryptographic Signature in Cisco Nx-os Software

CWE-347Improper Verification of Cryptographic Signature7 documents6 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 78.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedMay 15
Latest updateMay 24

Description

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected d

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified8.3(1)
NVDcisco/nx-os6.1\(2\)i3\(4\)7.0\(3\)i7\(5\)+5

🔴Vulnerability Details

2
GHSA
GHSA-3jwq-498g-6473: A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could all2022-05-24
CVEList
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability2019-05-15

💥Exploits & PoCs

1
Exploit-DB
CentOS Control Web Panel 0.9.8.838 - User Enumeration2019-07-16

📋Vendor Advisories

1
Cisco
Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Verification Vulnerability2019-05-15

💬Community

1
Bugzilla
CVE-2019-19924 sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting2020-01-08
CVE-2019-1810 — Cisco Nx-os Software vulnerability | cvebase