CVE-2019-1727 — MEDIUM (6.7)

Q: How severe is CVE-2019-1727?

CVE-2019-1727 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1727?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Mds 9000, Cisco Mds 9100, Cisco Mds 9200, Cisco Mds 9500.

Vulnerability Description

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Nx-Os	>= 5.2, < 8.1\(1b\)
Cisco	Mds 9000	-
Cisco	Mds 9100	-
Cisco	Mds 9200	-
Cisco	Mds 9500	-
Cisco	Mds 9700	-
Cisco	Nexus 3000	-
Cisco	Nexus 3100	-
Cisco	Nexus 3100-Z	-
Cisco	Nexus 3100V	-
Cisco	Nexus 3200	-
Cisco	Nexus 3400	-
Cisco	Nexus 3500	-
Cisco	Nexus 3524-X	-
Cisco	Nexus 3524-Xl	-
Cisco	Nexus 3548-X	-
Cisco	Nexus 3548-Xl	-
Cisco	Nexus 3600	-
Cisco	Nexus 9000	-
Cisco	Nexus 9200	-

Related Weaknesses (CWE)

CWE-78 CWE-264

References

http://www.securityfocus.com/bid/108341Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/108341Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-1727?

CVE-2019-1727 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker'...

How severe is CVE-2019-1727?

CVE-2019-1727 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1727?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Mds 9000, Cisco Mds 9100, Cisco Mds 9200, Cisco Mds 9500.