Vulnerability Description
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | >= 6.0\(2\), < 7.0\(3\)i7\(5\) |
| Cisco | Nexus 3048 | - |
| Cisco | Nexus 31108Pc-V | - |
| Cisco | Nexus 31108Tc-V | - |
| Cisco | Nexus 31128Pq | - |
| Cisco | Nexus 3132C-Z | - |
| Cisco | Nexus 3132Q-V | - |
| Cisco | Nexus 3132Q-X\/3132Q-Xl | - |
| Cisco | Nexus 3164Q | - |
| Cisco | Nexus 3172Pq\/Pq-Xl | - |
| Cisco | Nexus 3172Tq-Xl | - |
| Cisco | Nexus 3232C | - |
| Cisco | Nexus 3264C-E | - |
| Cisco | Nexus 3264Q | - |
| Cisco | Nexus 3408-S | - |
| Cisco | Nexus 34180Yc | - |
| Cisco | Nexus 3432D-S | - |
| Cisco | Nexus 3464C | - |
| Cisco | Nexus 3524-X\/Xl | - |
| Cisco | Nexus 3548-X\/Xl | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108425Broken LinkThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/108425Broken LinkThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1812?
CVE-2019-1812 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software im...
How severe is CVE-2019-1812?
CVE-2019-1812 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1812?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 3048, Cisco Nexus 31108Pc-V, Cisco Nexus 31108Tc-V, Cisco Nexus 31128Pq.