CVE-2019-1600

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 07-03-2019 09:29

Last modified: - 10-05-2022 05:33

Total changes: - 2

Description

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Low

Attack complexity

Local

Attack vector

None

Availability

High

Confidentiality

None

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

4.4

Base score

0.8

3.6

Exploitability score

Impact score

Verification logic

AND

vendor=cisco AND product=fxos AND versionStartIncluding=1.1 AND versionEndExcluding=2.2.2.91

vendor=cisco AND product=fxos AND versionStartIncluding=2.3 AND versionEndExcluding=2.3.1.110

vendor=cisco AND product=firepower_4100 AND version=-

vendor=cisco AND product=firepower_9300 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=8.2 AND versionEndExcluding=8.3\(1\)

vendor=cisco AND product=mds_9000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.0\(3\)i5 AND versionEndExcluding=7.0\(3\)i7\(4\)

vendor=cisco AND product=nexus_3000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.0\(3\) AND versionEndExcluding=7.0\(3\)i7\(4\)

vendor=cisco AND product=nexus_3500 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.0\(3\)f3 AND versionEndExcluding=7.0\(3\)f3\(5\)

vendor=cisco AND product=nexus_3600 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.2 AND versionEndExcluding=7.3\(3\)n1\(1\)

vendor=cisco AND product=nexus_6000 AND version=-

vendor=cisco AND product=nexus_5600 AND version=-

vendor=cisco AND product=nexus_5500 AND version=-

vendor=cisco AND product=nexus_2000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=8.0 AND versionEndExcluding=8.2\(3\)

vendor=cisco AND product=nexus_7700 AND version=-

vendor=cisco AND product=nexus_7000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.0\(3\)i5 AND versionEndExcluding=7.0\(3\)i7\(4\)

vendor=cisco AND product=nexus_9000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.0\(3\)f1 AND versionEndExcluding=7.0\(3\)f3\(5\)

vendor=cisco AND product=nexus_9500 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.3 AND versionEndExcluding=8.1\(1b\)

vendor=cisco AND product=mds_9000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=5.2. AND versionEndExcluding=6.2\(25\)

vendor=cisco AND product=mds_9000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionEndExcluding=7.0\(3\)i4\(9\)

vendor=cisco AND product=nexus_3000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionEndExcluding=6.0\(2\)a8\(10\)

vendor=cisco AND product=nexus_3500 AND version=-

AND

vendor=cisco AND product=nx-os AND versionEndExcluding=7.1\(5\)n1\(1b\)

vendor=cisco AND product=nexus_6000 AND version=-

vendor=cisco AND product=nexus_5600 AND version=-

vendor=cisco AND product=nexus_5500 AND version=-

vendor=cisco AND product=nexus_2000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionStartIncluding=7.2 AND versionEndExcluding=7.3\(3\)d1\(1\)

vendor=cisco AND product=nexus_7700 AND version=-

vendor=cisco AND product=nexus_7000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionEndExcluding=6.2\(22\)

vendor=cisco AND product=nexus_7700 AND version=-

vendor=cisco AND product=nexus_7000 AND version=-

AND

vendor=cisco AND product=nx-os AND versionEndExcluding=7.0\(3\)i4\(9\)

vendor=cisco AND product=nexus_9000 AND version=-

Reference

20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability-Patch, Vendor Advisory
107404-Third Party Advisory, VDB Entry
107399-Third Party Advisory, VDB Entry

Keywords

CVE-2019-1600

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-1600

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures