CVE-2019-1810 — MEDIUM (6.7)

Q: How severe is CVE-2019-1810?

CVE-2019-1810 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1810?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco N3K-C3164Q, Cisco N3K-C3232C, Cisco N9K-C92304Qc, Cisco N9K-C9232C.

Vulnerability Description

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Nx-Os	>= 6.1\(2\)i3\(4\), < 7.0\(3\)i7\(5\)
Cisco	N3K-C3164Q	-
Cisco	N3K-C3232C	-
Cisco	N9K-C92304Qc	-
Cisco	N9K-C9232C	-

Related Weaknesses (CWE)

CWE-347

References

http://www.securityfocus.com/bid/108431Broken LinkThird Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/108431Broken LinkThird Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2019-1810?

CVE-2019-1810 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administr...

How severe is CVE-2019-1810?

CVE-2019-1810 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1810?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco N3K-C3164Q, Cisco N3K-C3232C, Cisco N9K-C92304Qc, Cisco N9K-C9232C.