1. Home
  2. CVE Database
  3. CVE-2019-12662
MEDIUM · 6.7

CVE-2019-12662

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service imag...

Vulnerability Description

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIos Xe16.8.1
CiscoNx-Os8.1\(0.2\)s0
CiscoMds 9000-
CiscoNexus 9000V-
CiscoNexus 92160Yc-X-
CiscoNexus 92300Yc-
CiscoNexus 92304Qc-
CiscoNexus 92348Gc-X-
CiscoNexus 9236C-
CiscoNexus 9272Q-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93108Tc-Fx-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Fx-
CiscoNexus 93216Tc-Fx2-
CiscoNexus 93240Yc-Fx2-
CiscoNexus 9332C-

Related Weaknesses (CWE)

CWE-347

References

FAQ

What is CVE-2019-12662?

CVE-2019-12662 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service imag...

How severe is CVE-2019-12662?

CVE-2019-12662 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12662?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Nx-Os, Cisco Mds 9000, Cisco Nexus 9000V, Cisco Nexus 92160Yc-X.