CVE-2019-1836: Path Traversal in Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode

Severity: 7.1 HIGH (NVD)
EPSS: 0.2% (top 56.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 3; latest update May 24

Description

A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-3pmp-7vwx-87p3: A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authen (2022-05-24)
CVEList: Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability (2019-05-03)

📋 Vendor Advisories (1)

Cisco: Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability (2019-05-01)