cisco-sa-20190515-nxos-fxos-cmdinj-1780

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)

cisco-sa-20190515-nxos-fxos-cmdinj-1780 · Medium · Published 7 years ago · Updated 7 years ago

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2019-1780
Cisco Bug IDs	CSCvi01431, CSCvi01440, CSCvi92326, CSCvi92328, CSCvi92329, CSCvi92332
CVSS Score	Base 4.2 Base 4.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
Product Names From Source	Cisco NX-OS Software 6.0(2)A8(1), Cisco NX-OS Software 6.0(2)A8(2), Cisco NX-OS Software 6.0(2)A8(3), Cisco NX-OS Software 6.0(2)A8(4), Cisco NX-OS Software 6.0(2)A8(4a), Cisco NX-OS Software 6.0(2)A8(5), Cisco NX-OS Software 6.0(2)A8(6), Cisco NX-OS Software 6.0(2)A8(7), Cisco NX-OS Software 6.0(2)A8(7a), Cisco NX-OS Software 6.0(2)A8(7b), Cisco NX-OS Software 6.0(2)A8(8), Cisco NX-OS Software 6.0(2)A8(9), Cisco NX-OS Software 6.0(2)A8(10a), Cisco NX-OS Software 6.0(2)A8(10), Cisco NX-OS Software 6.2(2), Cisco NX-OS Software 6.2(2a), Cisco NX-OS Software 6.2(6), Cisco NX-OS Software 6.2(6b), Cisco NX-OS Software 6.2(8), Cisco NX-OS Software 6.2(8a), Cisco NX-OS Software 6.2(8b), Cisco NX-OS Software 6.2(10), Cisco NX-OS Software 6.2(12), Cisco NX-OS Software 6.2(18), Cisco NX-OS Software 6.2(16), Cisco NX-OS Software 6.2(14b), Cisco NX-OS Software 6.2(14), Cisco NX-OS Software 6.2(14a), Cisco NX-OS Software 6.2(6a), Cisco NX-OS Software 6.2(20), Cisco NX-OS Software 6.2(1), Cisco NX-OS Software 6.2(3), Cisco NX-OS Software 6.2(5), Cisco NX-OS Software 6.2(5a), Cisco NX-OS Software 6.2(5b), Cisco NX-OS Software 6.2(7), Cisco NX-OS Software 6.2(9), Cisco NX-OS Software 6.2(9a), Cisco NX-OS Software 6.2(9b), Cisco NX-OS Software 6.2(9c), Cisco NX-OS Software 6.2(11), Cisco NX-OS Software 6.2(11b), Cisco NX-OS Software 6.2(11c), Cisco NX-OS Software 6.2(11d), Cisco NX-OS Software 6.2(11e), Cisco NX-OS Software 6.2(13), Cisco NX-OS Software 6.2(13a), Cisco NX-OS Software 6.2(13b), Cisco NX-OS Software 6.2(15), Cisco NX-OS Software 6.2(17), Cisco NX-OS Software 6.2(19), Cisco NX-OS Software 6.2(21), Cisco NX-OS Software 6.2(20a), Cisco NX-OS Software 7.0(3)F3(1), Cisco NX-OS Software 7.0(3)F3(2), Cisco NX-OS Software 7.0(3)F3(3), Cisco NX-OS Software 7.0(3)F3(3a), Cisco NX-OS Software 7.0(3)F3(4), Cisco NX-OS Software 7.0(3)F3(3c), Cisco NX-OS Software 7.0(3)F3(3b), Cisco NX-OS Software 7.0(3)I4(1), Cisco NX-OS Software 7.0(3)I4(2), Cisco NX-OS Software 7.0(3)I4(3), Cisco NX-OS Software 7.0(3)I4(4), Cisco NX-OS Software 7.0(3)I4(5), Cisco NX-OS Software 7.0(3)I4(6), Cisco NX-OS Software 7.0(3)I4(7), Cisco NX-OS Software 7.0(3)I4(8), Cisco NX-OS Software 7.0(3)I4(8a), Cisco NX-OS Software 7.0(3)I4(8b), Cisco NX-OS Software 7.0(3)I4(8z), Cisco NX-OS Software 7.0(3)I7(5a), Cisco NX-OS Software 7.0(3)I7(1), Cisco NX-OS Software 7.0(3)I7(2), Cisco NX-OS Software 7.0(3)I7(3), Cisco NX-OS Software 8.1(1b), Cisco NX-OS Software 8.2(1), Cisco NX-OS Software 8.2(2), Cisco Firepower Extensible Operating System (FXOS) 2.3.1.99, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.93, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.91, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.88, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.75, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.73, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.66, Cisco Firepower Extensible Operating System (FXOS) 2.3.1.58, Cisco Firepower Extensible Operating System (FXOS) 2.4.1.101, Cisco Firepower Extensible Operating System (FXOS), Cisco NX-OS Software

Related Products

Product	CVE	Evidence
Firepower Extensible Operating System	CVE-2019-1780	Cisco OpenVuln
Cisco NX-OS Software	CVE-2019-1780	Cisco OpenVuln
Cisco Firepower Extensible Operating System (FXOS)	CVE-2019-1780	Cisco OpenVuln
Cisco Firepower Extensible Operating System	CVE-2019-1780	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)

Workarounds

Related Products