1. Home
  2. CVE Database
  3. CVE-2019-1803
MEDIUM · 6.7

CVE-2019-1803

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrat...

Vulnerability Description

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoNexus 9000 Series Application Centric Infrastructure-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Tc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Fx-
CiscoNexus 9332Pq-
CiscoNexus 9336C-Fx2-
CiscoNexus 9336Pq Aci Spine-
CiscoNexus 9348Gc-Fxp-
CiscoNexus 9364C-
CiscoNexus 9372Px-
CiscoNexus 9372Px-E-
CiscoNexus 9372Tx-
CiscoNexus 9372Tx-E-
CiscoNexus 9396Px-
CiscoNexus 9396Tx-
CiscoNexus 9504-

Related Weaknesses (CWE)

CWE-732CWE-264

References

FAQ

What is CVE-2019-1803?

CVE-2019-1803 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrat...

How severe is CVE-2019-1803?

CVE-2019-1803 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1803?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nexus 9000 Series Application Centric Infrastructure, Cisco Nexus 93108Tc-Ex, Cisco Nexus 93120Tx, Cisco Nexus 93128Tx, Cisco Nexus 93180Lc-Ex.