Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1732

Опубликовано: 15 мая 2019
Источник: nvd
CVSS3: 6.4
CVSS3: 6.4
CVSS2: 6.9
EPSS Низкий

Описание

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Версия от 7.0\(3\)i4 (включая) до 7.0\(3\)i7\(4\) (исключая)

Одно из

cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:nx_os:*:*:*:*:*:*:*:*
Версия от 7.0\(3\) (включая) до 7.0\(3\)f3\(5\) (исключая)
cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%
0.00172
Низкий

6.4 Medium

CVSS3

6.4 Medium

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-78
CWE-667

Связанные уязвимости

github логотип

GHSA-p72g-8563-4jg8

github
больше 3 лет назад

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.

fstec логотип

BDU:2019-02192

CVSS3: 6.4
fstec
больше 6 лет назад

Уязвимость в подсистеме управления пакетами Remote Package Manager сетевой операционной системы Cisco NX-OS устройств Cisco, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 39%
0.00172
Низкий

6.4 Medium

CVSS3

6.4 Medium

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-78
CWE-667