Vulnerability Description
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | >= 8.1, < 8.1\(1b\) |
| Cisco | Mds 9000 | - |
| Cisco | Mds 9100 | - |
| Cisco | Mds 9200 | - |
| Cisco | Mds 9500 | - |
| Cisco | Mds 9700 | - |
| Cisco | Nexus 3000 | - |
| Cisco | Nexus 3100 | - |
| Cisco | Nexus 3100-Z | - |
| Cisco | Nexus 3100V | - |
| Cisco | Nexus 3200 | - |
| Cisco | Nexus 3400 | - |
| Cisco | Nexus 3500 | - |
| Cisco | Nexus 3600 | - |
| Cisco | Nexus 9000 | - |
| Cisco | Nexus 9200 | - |
| Cisco | Nexus 9300 | - |
| Cisco | Nexus 9500 | - |
| Cisco | Nexus 3524-X | - |
| Cisco | Nexus 3524-Xl | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108391
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/108391
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1728?
CVE-2019-1728 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system bo...
How severe is CVE-2019-1728?
CVE-2019-1728 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1728?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Mds 9000, Cisco Mds 9100, Cisco Mds 9200, Cisco Mds 9500.