CVE-2019-1728
Published May 15, 2019
Last updated 5 years ago
Overview
- Description
- A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AF827BB-FFDE-4D1E-A727-A8D7480001A5",
"versionEndExcluding": "8.1\\(1b\\)",
"versionStartIncluding": "8.1"
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4863FC5-6578-48DE-838D-E5D2EEFF27B1",
"versionEndExcluding": "8.3\\(1\\)",
"versionStartIncluding": "8.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A"
},
{
"criteria": "cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "54C0D908-D7BA-48C3-9963-14A3A32A2662"
},
{
"criteria": "cpe:2.3:h:cisco:mds_9200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B25B92ED-37C0-4653-9C5E-B4C13C46464C"
},
{
"criteria": "cpe:2.3:h:cisco:mds_9500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2374E02D-46FE-477F-A74D-49E72149E6EC"
},
{
"criteria": "cpe:2.3:h:cisco:mds_9700:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C44335D8-8A78-486C-A325-9691FA4C3271"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D857756F-8C20-4B59-BA89-8373954B0093",
"versionEndExcluding": "7.0\\(3\\)i7\\(3\\)",
"versionStartIncluding": "7.0\\(3\\)i7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D14D4B4E-120E-4607-A4F1-447C7BF3052E"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "15702ACB-29F3-412D-8805-E107E0729E35"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "32A532C0-B0E3-484A-B356-88970E7D0248"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43913A0E-50D5-47DD-94D8-DD3391633619"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "97217080-455C-48E4-8CE1-6D5B9485864F"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "532CE4B0-A3C9-4613-AAAF-727817D06FB4"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6ED6E713-DCC5-41A7-94AC-CFF52EBBCBD7",
"versionEndExcluding": "6.0\\(2\\)a8\\(11\\)",
"versionStartIncluding": "6.0\\(2\\)a8"
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "521D7202-7B57-49C1-BFC5-6829B96428BA",
"versionEndExcluding": "7.0\\(3\\)i7\\(3\\)",
"versionStartIncluding": "7.0\\(3\\)"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9588B23A-8C0E-4734-AFF6-254F8A2C8AA1",
"versionEndExcluding": "7.3\\(4\\)n1\\(1\\)",
"versionStartIncluding": "7.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BFC8699E-81C0-4374-B827-71B3916B910D"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E30AB8D6-3F3F-43A3-B7E9-ABD5D3052FA8",
"versionEndExcluding": "6.2\\(22\\)",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3411F8C2-D65A-46CF-9563-0A9866462491",
"versionEndExcluding": "7.3\\(3\\)d1\\(1\\)",
"versionStartIncluding": "7.2"
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02E6779A-5759-4A83-B884-1B47FC124A22",
"versionEndExcluding": "8.3\\(1\\)",
"versionStartIncluding": "8.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"
},
{
"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E21FF51-A716-40AE-A9F3-BBAC2CF3A87D",
"versionEndExcluding": "4.0\\(1a\\)",
"versionStartIncluding": "4.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_6248up:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "49112D3F-DFAD-4E71-992B-9E0640FA388C"
},
{
"criteria": "cpe:2.3:h:cisco:ucs_6296up:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "38A1D8F2-A4A6-4BAC-8326-9F9DE9572FA2"
},
{
"criteria": "cpe:2.3:h:cisco:ucs_6332:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E406DDCE-6753-43E9-B6F0-7A038DE84E41"
},
{
"criteria": "cpe:2.3:h:cisco:usc_6324:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1B73C2C0-6464-44A3-840C-7FBB500B4CA8"
},
{
"criteria": "cpe:2.3:h:cisco:usc_6332-16up:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9E5F3B75-A48C-43E2-8E69-3747BB50A263"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACCCFBCD-6C8D-425B-B597-5D1E5EF125FC",
"versionEndExcluding": "2.4.1.101",
"versionStartIncluding": "2.4"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]