Vulnslist

find the latest Cisco vulnerabilities

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability

cisco-sa-20190306-aci-shell-escape · High · Published · Updated

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape

This advisory is part of the March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 26 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2019-1591
Cisco Bug IDs: CSCvm52063
CVSS Score: Base 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco NX-OS System Software in ACI Mode 11.0(1b), Cisco NX-OS System Software in ACI Mode 11.0(1c), Cisco NX-OS System Software in ACI Mode 11.0(1d), Cisco NX-OS System Software in ACI Mode 11.0(1e), Cisco NX-OS System Software in ACI Mode 11.0(2j), Cisco NX-OS System Software in ACI Mode 11.0(2m), Cisco NX-OS System Software in ACI Mode 11.0(3f), Cisco NX-OS System Software in ACI Mode 11.0(3i), Cisco NX-OS System Software in ACI Mode 11.0(3k), Cisco NX-OS System Software in ACI Mode 11.0(3n), Cisco NX-OS System Software in ACI Mode 11.0(3o), Cisco NX-OS System Software in ACI Mode 11.0(4h), Cisco NX-OS System Software in ACI Mode 11.0(4o), Cisco NX-OS System Software in ACI Mode 11.0(4q), Cisco NX-OS System Software in ACI Mode 11.1(1j), Cisco NX-OS System Software in ACI Mode 11.1(1o), Cisco NX-OS System Software in ACI Mode 11.1(1r), Cisco NX-OS System Software in ACI Mode 11.1(1s), Cisco NX-OS System Software in ACI Mode 11.1(2h), Cisco NX-OS System Software in ACI Mode 11.1(2i), Cisco NX-OS System Software in ACI Mode 11.1(3f), Cisco NX-OS System Software in ACI Mode 11.1(4e), Cisco NX-OS System Software in ACI Mode 11.1(4f), Cisco NX-OS System Software in ACI Mode 11.1(4g), Cisco NX-OS System Software in ACI Mode 11.1(4i), Cisco NX-OS System Software in ACI Mode 11.1(4l), Cisco NX-OS System Software in ACI Mode 11.1(4m), Cisco NX-OS System Software in ACI Mode 11.2(1i), Cisco NX-OS System Software in ACI Mode 11.2(2g), Cisco NX-OS System Software in ACI Mode 11.2(3c), Cisco NX-OS System Software in ACI Mode 11.2(2h), Cisco NX-OS System Software in ACI Mode 11.2(2i), Cisco NX-OS System Software in ACI Mode 11.2(3e), Cisco NX-OS System Software in ACI Mode 11.2(3h), Cisco NX-OS System Software in ACI Mode 11.2(3m), Cisco NX-OS System Software in ACI Mode 11.2(1k), Cisco NX-OS System Software in ACI Mode 11.2(1m), Cisco NX-OS System Software in ACI Mode 11.2(2j), Cisco NX-OS System Software in ACI Mode 12.0(1m), Cisco NX-OS System Software in ACI Mode 12.0(2g), 
Cisco NX-OS System Software in ACI Mode 12.0(1n), Cisco NX-OS System Software in ACI Mode 12.0(1o), Cisco NX-OS System Software in ACI Mode 12.0(1p), Cisco NX-OS System Software in ACI Mode 12.0(1q), Cisco NX-OS System Software in ACI Mode 12.0(2h), Cisco NX-OS System Software in ACI Mode 12.0(2l), Cisco NX-OS System Software in ACI Mode 12.0(2m), Cisco NX-OS System Software in ACI Mode 12.0(2n), Cisco NX-OS System Software in ACI Mode 12.0(2o), Cisco NX-OS System Software in ACI Mode 12.0(2f), Cisco NX-OS System Software in ACI Mode 12.0(1r), Cisco NX-OS System Software in ACI Mode 12.1(1h), Cisco NX-OS System Software in ACI Mode 12.1(2e), Cisco NX-OS System Software in ACI Mode 12.1(3g), Cisco NX-OS System Software in ACI Mode 12.1(4a), Cisco NX-OS System Software in ACI Mode 12.1(1i), Cisco NX-OS System Software in ACI Mode 12.1(2g), Cisco NX-OS System Software in ACI Mode 12.1(2k), Cisco NX-OS System Software in ACI Mode 12.1(3h), Cisco NX-OS System Software in ACI Mode 12.1(3j), Cisco NX-OS System Software in ACI Mode 12.2(1n), Cisco NX-OS System Software in ACI Mode 12.2(2e), Cisco NX-OS System Software in ACI Mode 12.2(3j), Cisco NX-OS System Software in ACI Mode 12.2(4f), Cisco NX-OS System Software in ACI Mode 12.2(4p), Cisco NX-OS System Software in ACI Mode 12.2(3p), Cisco NX-OS System Software in ACI Mode 12.2(3r), Cisco NX-OS System Software in ACI Mode 12.2(3s), Cisco NX-OS System Software in ACI Mode 12.2(3t), Cisco NX-OS System Software in ACI Mode 12.2(2f), Cisco NX-OS System Software in ACI Mode 12.2(2i), Cisco NX-OS System Software in ACI Mode 12.2(2j), Cisco NX-OS System Software in ACI Mode 12.2(2k), Cisco NX-OS System Software in ACI Mode 12.2(2q), Cisco NX-OS System Software in ACI Mode 12.2(1o), Cisco NX-OS System Software in ACI Mode 12.2(4q), Cisco NX-OS System Software in ACI Mode 12.2(4r), Cisco NX-OS System Software in ACI Mode 12.3(1e), Cisco NX-OS System Software in ACI Mode 12.3(1f), Cisco NX-OS System Software in ACI Mode 12.3(1i), 
Cisco NX-OS System Software in ACI Mode 12.3(1l), Cisco NX-OS System Software in ACI Mode 12.3(1o), Cisco NX-OS System Software in ACI Mode 12.3(1p), Cisco NX-OS System Software in ACI Mode 13.0(1k), Cisco NX-OS System Software in ACI Mode 13.0(2h), Cisco NX-OS System Software in ACI Mode 13.0(2k), Cisco NX-OS System Software in ACI Mode 13.0(2n), Cisco NX-OS System Software in ACI Mode 13.1(1i), Cisco NX-OS System Software in ACI Mode 13.1(2m), Cisco NX-OS System Software in ACI Mode 13.1(2o), Cisco NX-OS System Software in ACI Mode 13.1(2p), Cisco NX-OS System Software in ACI Mode 13.1(2q), Cisco NX-OS System Software in ACI Mode 13.1(2s), Cisco NX-OS System Software in ACI Mode 13.1(2t), Cisco NX-OS System Software in ACI Mode 13.2(1l), Cisco NX-OS System Software in ACI Mode 13.2(1m), Cisco NX-OS System Software in ACI Mode 13.2(2l), Cisco NX-OS System Software in ACI Mode 13.2(2o), Cisco NX-OS System Software in ACI Mode 13.2(3i), Cisco NX-OS System Software in ACI Mode 13.2(3n), Cisco NX-OS System Software in ACI Mode 13.2(3o), Cisco NX-OS System Software in ACI Mode 13.2(3r), Cisco NX-OS System Software in ACI Mode 13.2(4d), Cisco NX-OS System Software in ACI Mode 13.2(4e), Cisco NX-OS System Software in ACI Mode 11.3(1g), Cisco NX-OS System Software in ACI Mode 11.3(2f), Cisco NX-OS System Software in ACI Mode 11.3(1h), Cisco NX-OS System Software in ACI Mode 11.3(1i), Cisco NX-OS System Software in ACI Mode 11.3(2h), Cisco NX-OS System Software in ACI Mode 11.3(2i), Cisco NX-OS System Software in ACI Mode 11.3(2k), Cisco NX-OS System Software in ACI Mode 11.3(1j), Cisco NX-OS System Software in ACI Mode 11.3(2j), Cisco NX-OS System Software in ACI Mode 14.0(1h), Cisco NX-OS System Software in ACI Mode 14.0(2c), Cisco NX-OS System Software in ACI Mode

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Nexus Dashboard | CVE-2019-1591 | Cisco OpenVuln |
| Cisco Nexus 9000 Series Switches | CVE-2019-1591 | Cisco OpenVuln |
| Cisco NX-OS Software | CVE-2019-1591 | Cisco OpenVuln |
| Cisco Firepower Extensible Operating System (FXOS) | CVE-2019-1591 | Cisco OpenVuln |
| Cisco Catalyst PON Series Switches | CVE-2019-1591 | Cisco OpenVuln |
| Cisco NX-OS System Software in ACI Mode | CVE-2019-1591 | Cisco OpenVuln |