CVE-2019-1811 - Vulnerability Details

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00069.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco Subscribe	9432pq Subscribe 9536pq Subscribe 9636pq Subscribe 9736pq Subscribe N9k-c9504-fm-r Subscribe N9k-c9508-fm-r Subscribe N9k-x9432c-s Subscribe N9k-x9464px Subscribe N9k-x9464tx2 Subscribe N9k-x9564px Subscribe N9k-x9564tx Subscribe N9k-x9636c-r Subscribe N9k-x9636c-rx Subscribe N9k-x97160yc-ex Subscribe N9k-x9732c-ex Subscribe N9k-x9732c-fx Subscribe N9k-x9736c-ex Subscribe N9k-x9736c-fx Subscribe N9k-x9788tc-fx Subscribe Nexus 3048 Subscribe Nexus 31108pc-v Subscribe Nexus 31108tc-v Subscribe Nexus 31128pq Subscribe Nexus 3132c-z Subscribe Nexus 3132q-v Subscribe Nexus 3132q-x\/3132q-xl Subscribe Nexus 3164q Subscribe Nexus 3172pq\/pq-xl Subscribe Nexus 3172tq-xl Subscribe Nexus 3232c Subscribe Nexus 3264c-e Subscribe Nexus 3264q Subscribe Nexus 3408-s Subscribe Nexus 34180yc Subscribe Nexus 3432d-s Subscribe Nexus 3464c Subscribe Nexus 3524-x\/xl Subscribe Nexus 3548-x\/xl Subscribe Nexus 36180yc-r Subscribe Nexus 3636c-r Subscribe Nexus 92160yc-x Subscribe Nexus 92300yc Subscribe Nexus 93108tc-ex Subscribe Nexus 93108tc-fx Subscribe Nexus 93120tx Subscribe Nexus 9316d-gx Subscribe Nexus 93180lc-ex Subscribe Nexus 93180yc-ex Subscribe Nexus 93180yc-fx Subscribe Nexus 93216tc-fx2 Subscribe Nexus 93240yc-fx2 Subscribe Nexus 9332c Subscribe Nexus 93360yc-fx2 Subscribe Nexus 9336c-fx2 Subscribe Nexus 9348gc-fxp Subscribe Nexus 93600cd-gx Subscribe Nexus 9364c Subscribe Nexus 9500 Supervisor A Subscribe Nexus 9500 Supervisor A\+ Subscribe Nexus 9500 Supervisor B Subscribe Nexus 9500 Supervisor B\+ Subscribe Nexus 9504 Subscribe Nexus 9508 Subscribe Nexus 9516 Subscribe Nx-os Subscribe X9636q-r Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3132c-z:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-v:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-x\/3132q-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq\/pq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3232c:-:::::::*
	cpe:2.3:h:cisco:nexus_3264c-e:-:::::::*
	cpe:2.3:h:cisco:nexus_3264q:-:::::::*
	cpe:2.3:h:cisco:nexus_3408-s:-:::::::*
	cpe:2.3:h:cisco:nexus_34180yc:-:::::::*
	cpe:2.3:h:cisco:nexus_3432d-s:-:::::::*
	cpe:2.3:h:cisco:nexus_3464c:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-x\/xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x\/xl:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_3636c-r:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:n9k-c9504-fm-r:-:::::::*
	cpe:2.3:h:cisco:n9k-c9508-fm-r:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_3636c-r:-:::::::*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:nx-os::::::::
	cpe:2.3:o:cisco:nx-os::::::::

OR	cpe:2.3:h:cisco:9432pq:-:::::::*
	cpe:2.3:h:cisco:9536pq:-:::::::*
	cpe:2.3:h:cisco:9636pq:-:::::::*
	cpe:2.3:h:cisco:9736pq:-:::::::*
	cpe:2.3:h:cisco:n9k-x9432c-s:-:::::::*
	cpe:2.3:h:cisco:n9k-x9464px:-:::::::*
	cpe:2.3:h:cisco:n9k-x9464tx2:-:::::::*
	cpe:2.3:h:cisco:n9k-x9564px:-:::::::*
	cpe:2.3:h:cisco:n9k-x9564tx:-:::::::*
	cpe:2.3:h:cisco:n9k-x9636c-r:-:::::::*
	cpe:2.3:h:cisco:n9k-x9636c-rx:-:::::::*
	cpe:2.3:h:cisco:n9k-x97160yc-ex:-:::::::*
	cpe:2.3:h:cisco:n9k-x9732c-ex:-:::::::*
	cpe:2.3:h:cisco:n9k-x9732c-fx:-:::::::*
	cpe:2.3:h:cisco:n9k-x9736c-ex:-:::::::*
	cpe:2.3:h:cisco:n9k-x9736c-fx:-:::::::*
	cpe:2.3:h:cisco:n9k-x9788tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9316d-gx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9332c:-:::::::*
	cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
	cpe:2.3:h:cisco:nexus_93600cd-gx:-:::::::*
	cpe:2.3:h:cisco:nexus_9364c:-:::::::*
	cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:::::::*
	cpe:2.3:h:cisco:nexus_9500_supervisor_a\+:-:::::::*
	cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:::::::*
	cpe:2.3:h:cisco:nexus_9500_supervisor_b\+:-:::::::*
	cpe:2.3:h:cisco:nexus_9504:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_9516:-:::::::*
	cpe:2.3:h:cisco:x9636q-r:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-10368	A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/108425
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-05-15T22:20:32.758700Z

Updated: 2024-11-20T17:18:58.154Z

Reserved: 2018-12-06T00:00:00

Link: CVE-2019-1811

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-15T23:29:01.230

Modified: 2024-11-21T04:37:25.917

Link: CVE-2019-1811

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-347

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object