Vulnerability Description
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | < 7.0\(3\)i7\(6\) |
| Cisco | Nexus 3016 | - |
| Cisco | Nexus 3048 | - |
| Cisco | Nexus 3064 | - |
| Cisco | Nexus 3064-T | - |
| Cisco | Nexus 31108Pc-V | - |
| Cisco | Nexus 31108Tc-V | - |
| Cisco | Nexus 31128Pq | - |
| Cisco | Nexus 3132C-Z | - |
| Cisco | Nexus 3132Q | - |
| Cisco | Nexus 3132Q-V | - |
| Cisco | Nexus 3132Q-Xl | - |
| Cisco | Nexus 3164Q | - |
| Cisco | Nexus 3172 | - |
| Cisco | Nexus 3172Pq-Xl | - |
| Cisco | Nexus 3172Tq | - |
| Cisco | Nexus 3172Tq-32T | - |
| Cisco | Nexus 3172Tq-Xl | - |
| Cisco | Nexus 3232C | - |
| Cisco | Nexus 3264C-E | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108393Broken LinkThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/108393Broken LinkThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1769?
CVE-2019-1769 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of...
How severe is CVE-2019-1769?
CVE-2019-1769 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1769?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 3016, Cisco Nexus 3048, Cisco Nexus 3064, Cisco Nexus 3064-T.