Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-x3cr-cmr6-6r74

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 6.7

Описание

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Ссылки

EPSS

Процентиль: 21%
0.0007
Низкий

6.7 Medium

CVSS3

CVE ID

CVE-2019-1812

Дефекты

CWE-347

Связанные уязвимости

nvd логотип

CVE-2019-1812

CVSS3: 6.7
nvd
больше 6 лет назад

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

fstec логотип

BDU:2019-01984

CVSS3: 6.7
fstec
больше 6 лет назад

Уязвимость сетевой операционной системы NX-OS, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю установить образ вредоносного программного обеспечения на уязвимом устройстве

EPSS

Процентиль: 21%
0.0007
Низкий

6.7 Medium

CVSS3

CVE ID

CVE-2019-1812

Дефекты

CWE-347