CVE-2019-1601 - Vulnerability Details - OpenCVE

Description

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Published: 2019-03-08

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

MDS 9000 Series Multilayer Switches

affected

Version	Status	Constraints
`unspecified`	affected	< 6.2(25)
`unspecified`	affected	< 8.1(1b)
`unspecified`	affected	< 8.3(1)

Cisco

Nexus 3000 Series Switches

affected

Version	Status	Constraints
`unspecified`	affected	< 7.0(3)I4(9)
`unspecified`	affected	< 7.0(3)I7(4)

Cisco

Nexus 3500 Platform Switches

affected

Version	Status	Constraints
`unspecified`	affected	< 6.0(2)A8(10)
`unspecified`	affected	< 7.0(3)I7(4)

Cisco

Nexus 3600 Platform Switches

affected

Version	Status	Constraints
`unspecified`	affected	< 7.0(3)F3(5)

Cisco

Nexus 2000, 5500, 5600, and 6000 Series Switches

affected

Version	Status	Constraints
`unspecified`	affected	< 7.1(5)N1(1b)
`unspecified`	affected	< 7.3(3)N1(1)

Cisco

Nexus 7000 and 7700 Series Switches

affected

Version	Status	Constraints
`unspecified`	affected	< 6.2(22)
`unspecified`	affected	< 7.3(3)D1(1)
`unspecified`	affected	< 8.2(3)

Cisco

Nexus 9000 Series Switches-Standalone

affected

Version	Status	Constraints
`unspecified`	affected	< 7.0(3)I4(9)
`unspecified`	affected	< 7.0(3)I7(4)

Cisco

Nexus 9500 R-Series Line Cards and Fabric Modules

affected

Version	Status	Constraints
`unspecified`	affected	< 7.0(3)F3(5)

Configuration 1 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7700:-:::::::*

Configuration 11 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7700:-:::::::*

Configuration 12 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7700:-:::::::*

Configuration 13 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_2000:-:::::::*
	cpe:2.3:h:cisco:nexus_5500:-:::::::*
	cpe:2.3:h:cisco:nexus_5600:-:::::::*
	cpe:2.3:h:cisco:nexus_6000:-:::::::*

Configuration 16 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_2000:-:::::::*
	cpe:2.3:h:cisco:nexus_5500:-:::::::*
	cpe:2.3:h:cisco:nexus_5600:-:::::::*
	cpe:2.3:h:cisco:nexus_6000:-:::::::*

Configuration 17 [-]

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7700:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2019-10158	A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00066.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
http://www.securityfocus.com/bid/107404
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access

History

Wed, 20 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Cisco Mds 9000 Nexus 2000 Nexus 3000 Nexus 3500 Nexus 3600 Nexus 5500 Nexus 5600 Nexus 6000 Nexus 7000 Nexus 7700 Nexus 9000 Nexus 9500 Nx-os

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-03-08T18:00:00.000Z

Updated: 2024-11-20T17:26:44.729Z

Reserved: 2018-12-06T00:00:00.000Z

Link: CVE-2019-1601

Vulnrichment

Updated: 2024-08-04T18:20:28.355Z

NVD

Status : Modified

Published: 2019-03-08T18:29:00.367

Modified: 2024-11-21T04:36:54.010

Link: CVE-2019-1601

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"product": "MDS 9000 Series Multilayer Switches", "vendor": "Cisco", "versions": [{"lessThan": "6.2(25)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "8.1(1b)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Nexus 3000 Series Switches", "vendor": "Cisco", "versions": [{"lessThan": "7.0(3)I4(9)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "7.0(3)I7(4)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Nexus 3500 Platform Switches", "vendor": "Cisco", "versions": [{"lessThan": "6.0(2)A8(10)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "7.0(3)I7(4)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Nexus 3600 Platform Switches", "vendor": "Cisco", "versions": [{"lessThan": "7.0(3)F3(5)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Nexus 2000, 5500, 5600, and 6000 Series Switches", "vendor": "Cisco", "versions": [{"lessThan": "7.1(5)N1(1b)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "7.3(3)N1(1)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Nexus 7000 and 7700 Series Switches", "vendor": "Cisco", "versions": [{"lessThan": "6.2(22)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "7.3(3)D1(1)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "8.2(3)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Nexus 9000 Series Switches-Standalone", "vendor": "Cisco", "versions": [{"lessThan": "7.0(3)I4(9)", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "7.0(3)I7(4)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Nexus 9500 R-Series Line Cards and Fabric Modules", "vendor": "Cisco", "versions": [{"lessThan": "7.0(3)F3(5)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-03-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-15T09:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190306 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access"}, {"name": "107404", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107404"}], "source": {"advisory": "cisco-sa-20190306-nxos-file-access", "defect": [["CSCvi42317", "CSCvi42331", "CSCvi96476", "CSCvi96478", "CSCvi96486"]], "discovery": "INTERNAL"}, "title": "Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-03-06T16:00:00-0800", "ID": "CVE-2019-1601", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MDS 9000 Series Multilayer Switches", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "6.2(25)"}, {"affected": "<", "version_affected": "<", "version_value": "8.1(1b)"}, {"affected": "<", "version_affected": "<", "version_value": "8.3(1)"}]}}, {"product_name": "Nexus 3000 Series Switches", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "7.0(3)I4(9)"}, {"affected": "<", "version_affected": "<", "version_value": "7.0(3)I7(4)"}]}}, {"product_name": "Nexus 3500 Platform Switches", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "6.0(2)A8(10)"}, {"affected": "<", "version_affected": "<", "version_value": "7.0(3)I7(4)"}]}}, {"product_name": "Nexus 3600 Platform Switches", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "7.0(3)F3(5)"}]}}, {"product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "7.1(5)N1(1b)"}, {"affected": "<", "version_affected": "<", "version_value": "7.3(3)N1(1)"}]}}, {"product_name": "Nexus 7000 and 7700 Series Switches", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "6.2(22)"}, {"affected": "<", "version_affected": "<", "version_value": "7.3(3)D1(1)"}, {"affected": "<", "version_affected": "<", "version_value": "8.2(3)"}]}}, {"product_name": "Nexus 9000 Series Switches-Standalone", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "7.0(3)I4(9)"}, {"affected": "<", "version_affected": "<", "version_value": "7.0(3)I7(4)"}]}}, {"product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "7.0(3)F3(5)"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.8", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "20190306 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access"}, {"name": "107404", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107404"}]}, "source": {"advisory": "cisco-sa-20190306-nxos-file-access", "defect": [["CSCvi42317", "CSCvi42331", "CSCvi96476", "CSCvi96478", "CSCvi96486"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:20:28.355Z"}, "title": "CVE Program Container", "references": [{"name": "20190306 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access"}, {"name": "107404", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107404"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T16:55:44.659510Z", "id": "CVE-2019-1601", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T17:26:44.729Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1601", "datePublished": "2019-03-08T18:00:00.000Z", "dateReserved": "2018-12-06T00:00:00.000Z", "dateUpdated": "2024-11-20T17:26:44.729Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access", "name": "20190306 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/107404", "name": "107404", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:20:28.355Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-1601", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-20T16:55:44.659510Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T16:56:39.489Z"}}], "cna": {"title": "Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "source": {"defect": [["CSCvi42317", "CSCvi42331", "CSCvi96476", "CSCvi96478", "CSCvi96486"]], "advisory": "cisco-sa-20190306-nxos-file-access", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "MDS 9000 Series Multilayer Switches", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "6.2(25)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.1(1b)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.3(1)", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "Nexus 3000 Series Switches", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.0(3)I4(9)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.0(3)I7(4)", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "Nexus 3500 Platform Switches", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "6.0(2)A8(10)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.0(3)I7(4)", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "Nexus 3600 Platform Switches", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.0(3)F3(5)", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "Nexus 2000, 5500, 5600, and 6000 Series Switches", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.1(5)N1(1b)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.3(3)N1(1)", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "Nexus 7000 and 7700 Series Switches", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "6.2(22)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.3(3)D1(1)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.2(3)", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "Nexus 9000 Series Switches-Standalone", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.0(3)I4(9)", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.0(3)I7(4)", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "Nexus 9500 R-Series Line Cards and Fabric Modules", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.0(3)F3(5)", "versionType": "custom"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2019-03-06T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access", "name": "20190306 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://www.securityfocus.com/bid/107404", "name": "107404", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2019-03-15T09:57:01.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "7.8", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, "source": {"defect": [["CSCvi42317", "CSCvi42331", "CSCvi96476", "CSCvi96478", "CSCvi96486"]], "advisory": "cisco-sa-20190306-nxos-file-access", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"affected": "<", "version_value": "6.2(25)", "version_affected": "<"}, {"affected": "<", "version_value": "8.1(1b)", "version_affected": "<"}, {"affected": "<", "version_value": "8.3(1)", "version_affected": "<"}]}, "product_name": "MDS 9000 Series Multilayer Switches"}, {"version": {"version_data": [{"affected": "<", "version_value": "7.0(3)I4(9)", "version_affected": "<"}, {"affected": "<", "version_value": "7.0(3)I7(4)", "version_affected": "<"}]}, "product_name": "Nexus 3000 Series Switches"}, {"version": {"version_data": [{"affected": "<", "version_value": "6.0(2)A8(10)", "version_affected": "<"}, {"affected": "<", "version_value": "7.0(3)I7(4)", "version_affected": "<"}]}, "product_name": "Nexus 3500 Platform Switches"}, {"version": {"version_data": [{"affected": "<", "version_value": "7.0(3)F3(5)", "version_affected": "<"}]}, "product_name": "Nexus 3600 Platform Switches"}, {"version": {"version_data": [{"affected": "<", "version_value": "7.1(5)N1(1b)", "version_affected": "<"}, {"affected": "<", "version_value": "7.3(3)N1(1)", "version_affected": "<"}]}, "product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches"}, {"version": {"version_data": [{"affected": "<", "version_value": "6.2(22)", "version_affected": "<"}, {"affected": "<", "version_value": "7.3(3)D1(1)", "version_affected": "<"}, {"affected": "<", "version_value": "8.2(3)", "version_affected": "<"}]}, "product_name": "Nexus 7000 and 7700 Series Switches"}, {"version": {"version_data": [{"affected": "<", "version_value": "7.0(3)I4(9)", "version_affected": "<"}, {"affected": "<", "version_value": "7.0(3)I7(4)", "version_affected": "<"}]}, "product_name": "Nexus 9000 Series Switches-Standalone"}, {"version": {"version_data": [{"affected": "<", "version_value": "7.0(3)F3(5)", "version_affected": "<"}]}, "product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access", "name": "20190306 Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/107404", "name": "107404", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-1601", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-03-06T16:00:00-0800"}}}}, "cveMetadata": {"cveId": "CVE-2019-1601", "state": "PUBLISHED", "dateUpdated": "2024-11-20T17:26:44.729Z", "dateReserved": "2018-12-06T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2019-03-08T18:00:00.000Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4863FC5-6578-48DE-838D-E5D2EEFF27B1", "versionEndExcluding": "8.3\\(1\\)", "versionStartIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F24A8F48-7C57-40DD-AF84-3CB2940611DF", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C59A80D2-51B2-42C4-8FAA-F00A42388F90", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)i5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB649123-3091-4A8E-A992-42E7BAE299ED", "versionEndExcluding": "7.0\\(3\\)f3\\(5\\)", "versionStartIncluding": "7.0\\(3\\)f3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "97217080-455C-48E4-8CE1-6D5B9485864F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C59A80D2-51B2-42C4-8FAA-F00A42388F90", "versionEndExcluding": "7.0\\(3\\)i7\\(4\\)", "versionStartIncluding": "7.0\\(3\\)i5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C856C77-493C-4543-8958-A9AEBBDCBBDD", "versionEndExcluding": "7.0\\(3\\)f3\\(5\\)", "versionStartIncluding": "7.0\\(3\\)f1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", "matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "86770ECC-BC1D-42BC-A65B-FCE598491BEE", "versionEndExcluding": "8.1\\(1b\\)", "versionStartIncluding": "7.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "105D7ED0-4F72-4AD1-AC75-6075745FBB79", "versionEndExcluding": "6.2\\(25\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "92B576CF-5EAD-4830-A7B7-ACC434349691", "versionEndExcluding": "7.0\\(3\\)i4\\(9\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4863FC5-6578-48DE-838D-E5D2EEFF27B1", "versionEndExcluding": "8.3\\(1\\)", "versionStartIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "3411F8C2-D65A-46CF-9563-0A9866462491", "versionEndExcluding": "7.3\\(3\\)d1\\(1\\)", "versionStartIncluding": "7.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "A67D92F3-7EE1-4CFD-9608-4E35994C1BC4", "versionEndExcluding": "6.2\\(22\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "92B576CF-5EAD-4830-A7B7-ACC434349691", "versionEndExcluding": "7.0\\(3\\)i4\\(9\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B1386A3-38D8-40A7-9828-AF76A910F533", "versionEndExcluding": "6.0\\(2\\)a8\\(10\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "245920C2-3FEF-45FB-ADD5-ACD3BB32F880", "versionEndExcluding": "7.3\\(3\\)n1\\(1\\)", "versionStartIncluding": "7.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB2FDB70-C681-4927-97F4-2B466E718859", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFC8699E-81C0-4374-B827-71B3916B910D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "934E7941-C773-4032-944B-4AC57FB11D23", "versionEndExcluding": "7.1\\(5\\)n1\\(1b\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB2FDB70-C681-4927-97F4-2B466E718859", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFC8699E-81C0-4374-B827-71B3916B910D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB6385BB-DBB5-4292-B47B-7CB5C5946400", "versionEndExcluding": "8.1\\(2\\)", "versionStartIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."}, {"lang": "es", "value": "Una vulnerabilidad en los permisos de \"filesystem\" del software NX-OS de Cisco podr\u00eda permitir a un atacante local autenticado obtener acceso de lectura y escritura a un archivo de configuraci\u00f3n cr\u00edtico. La vulnerabilidad se debe a un fallo para imponer permisos de \"filesystem\" estrictos en el dispositivo objetivo. Un atacante podr\u00eda explotar esta vulnerabilidad modificando y accediendo a los archivos restringidos. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante utilizar el contenido de este archivo de configuraci\u00f3n para omitir una autenticaci\u00f3n e iniciar sesi\u00f3n como cualquier usuario del dispositivo. Los switches de MDS 9000 Series Multilayer se ven afectados en versiones anteriores a las 6.2(25), 8.1(1b) y 8.3(1). Los switches de Nexus 3000 Series se ven afectados en versiones anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de Nexus 3500 Platform se ven afectados en versiones anteriores a la 6.0(2)A8(10) y 7.0(3)I7(4). Los switches de Nexus 3600 Platform se ven afectados en versiones anteriores a la 7.0(3)F3(5). Los switches de Nexus, en sus series 5500, 5600 y 6000, se ven afectados en versiones anteriores a las 7.1(5)N1(1b) y 7.3(3)N1(1). Los switches de Nexus, en sus series 7000 y 7700, se ven afectados en versiones anteriores a las 6.2(22), 7.3(3)D1(1) y 8.2(3). Los switches de Nexus 9000 Series-Standalone se ven afectados en versiones anteriores a las 7.0(3)I4(9) y 7.0(3)I7(4). Los switches de 9500 R-Series Line Cards y Fabric Modules se ven afectados en versiones anteriores a la 7.0(3)F3(5)."}], "id": "CVE-2019-1601", "lastModified": "2024-11-21T04:36:54.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-08T18:29:00.367", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107404"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}