exploitDog

CVE-2019-1596

Опубликовано: 07 мар. 2019

Источник: nvd

CVSS3: 7.8

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level to root. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Ссылки

http://www.securityfocus.com/bid/107340
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe
Patch
Vendor Advisory
http://www.securityfocus.com/bid/107340
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Версия до 7.0\(3\)i4\(9\) (исключая)

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Версия от 7.0\(3\)i5 (включая) до 7.0\(3\)i7\(4\) (исключая)

cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Версия от 7.0\(3\)i7 (включая) до 7.0\(3\)i7\(4\) (исключая)

cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Версия от 7.0\(3\)f3\(1\) (включая) до 7.0\(3\)f3\(5\) (исключая)

cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Версия до 7.0\(3\)i4\(9\) (исключая)

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Версия от 7.0\(3\)i5 (включая) до 7.0\(3\)i7\(4\) (исключая)

cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

Версия от 7.0\(3\)f3\(1\) (включая) до 7.0\(3\)f3\(5\) (исключая)

cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00151

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

CWE-732

Связанные уязвимости

GHSA-gqv4-4m7f-x3p4

CVSS3: 7.8

github

больше 3 лет назад

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level to root. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

BDU:2019-01097

CVSS3: 7.8

fstec

почти 7 лет назад

Уязвимость реализации командной оболочки Bash сетевой операционной системы Cisco NX-OS устройств Cisco, позволяющая нарушителю повысить свои привилегии до уровня root

EPSS

Процентиль: 36%

0.00151

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

CWE-732