1. Home
  2. CVE Database
  3. CVE-2019-1592
HIGH · 7.8

CVE-2019-1592

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain...

Vulnerability Description

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoNx-Os14.1\(0.90\)
CiscoNexus 9000-
CiscoNexus 92160Yc-X-
CiscoNexus 92300Yc-
CiscoNexus 92304Qc-
CiscoNexus 9236C-
CiscoNexus 9272Q-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93108Tc-Fx-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Fx-
CiscoNexus 93240Yc-Fx2-
CiscoNexus 9332C-
CiscoNexus 9332Pq-
CiscoNexus 9336C-Fx2-
CiscoNexus 9336Pq-
CiscoNexus 9348Gc-Fxp-

Related Weaknesses (CWE)

CWE-20CWE-264

References

FAQ

What is CVE-2019-1592?

CVE-2019-1592 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain...

How severe is CVE-2019-1592?

CVE-2019-1592 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1592?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000, Cisco Nexus 92160Yc-X, Cisco Nexus 92300Yc, Cisco Nexus 92304Qc.