Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-pqr2-367x-jwhw

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 6.7

Описание

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Ссылки

EPSS

Процентиль: 9%
0.00033
Низкий

6.7 Medium

CVSS3

CVE ID

CVE-2019-12662

Дефекты

CWE-347

Связанные уязвимости

nvd логотип

CVE-2019-12662

CVSS3: 6.7
nvd
больше 6 лет назад

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

fstec логотип

BDU:2019-03439

CVSS3: 6.7
fstec
больше 6 лет назад

Уязвимость операционных систем NX-OS и Cisco IOS XE, связанная с ошибками при проверке электронной подписи во время установки образа Open Virtual Appliance (OVA), позволяющая нарушителю установить образ вредоносного программного обеспечения на уязвимое устройство

EPSS

Процентиль: 9%
0.00033
Низкий

6.7 Medium

CVSS3

CVE ID

CVE-2019-12662

Дефекты

CWE-347