Vulnerability Description
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Firepower Extensible Operating System | >= 1.1, < 2.2.2.91 |
| Cisco | Firepower 4100 | - |
| Cisco | Firepower 9300 | - |
| Cisco | Nx-Os | >= 8.2, < 8.3\(1\) |
| Cisco | Mds 9000 | - |
| Cisco | Nexus 3000 | - |
| Cisco | Nexus 3500 | - |
| Cisco | Nexus 3600 | - |
| Cisco | Nexus 2000 | - |
| Cisco | Nexus 5500 | - |
| Cisco | Nexus 5600 | - |
| Cisco | Nexus 6000 | - |
| Cisco | Nexus 7000 | - |
| Cisco | Nexus 7700 | - |
| Cisco | Nexus 9000 | - |
| Cisco | Nexus 9500 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107399Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/107404Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2PatchVendor Advisory
- http://www.securityfocus.com/bid/107399Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/107404Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2PatchVendor Advisory
FAQ
What is CVE-2019-1600?
CVE-2019-1600 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file s...
How severe is CVE-2019-1600?
CVE-2019-1600 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1600?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower Extensible Operating System, Cisco Firepower 4100, Cisco Firepower 9300, Cisco Nx-Os, Cisco Mds 9000.