Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2019-12662

Published: 25/09/2019 Updated: 09/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Cisco

Vulnerability Summary

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an malicious user to perform code execution on a crafted software OVA image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ios xe 16.8.1

cisco nx-os 8.1\\(1\\)

cisco nx-os 8.1\\(0.2\\)s0

cisco nx-os 8.1\\(1\\)s5

cisco nx-os 8.1\\(0\\)bd\\(0.20\\)

cisco nexus_3016_firmware -

cisco nexus_3048_firmware -

cisco nexus_3064_firmware -

cisco nexus_3064-t_firmware -

cisco nexus_31108pc-v_firmware -

cisco nexus_31108tc-v_firmware -

cisco nexus_31128pq_firmware -

cisco nexus_3132c-z_firmware -

cisco nexus_3132q_firmware -

cisco nexus_3132q-v_firmware -

cisco nexus_3132q-xl_firmware -

cisco nexus_3164q_firmware -

cisco nexus_3172_firmware -

cisco nexus_3172pq-xl_firmware -

cisco nexus_3172tq_firmware -

cisco nexus_3172tq-32t_firmware -

cisco nexus_3172tq-xl_firmware -

cisco nexus_3232c_firmware -

cisco nexus_3264c-e_firmware -

cisco nexus_3264q_firmware -

cisco nexus_3408-s_firmware -

cisco nexus_34180yc_firmware -

cisco nexus_34200yc-sm_firmware -

cisco nexus_3432d-s_firmware -

cisco nexus_3464c_firmware -

cisco nexus_3524_firmware -

cisco nexus_3524-x_firmware -

cisco nexus_3524-xl_firmware -

cisco nexus_3548_firmware -

cisco nexus_3548-x_firmware -

cisco nexus_3548-xl_firmware -

cisco nexus_5548p_firmware -

cisco nexus_5548up_firmware -

cisco nexus_5596t_firmware -

cisco nexus_5596up_firmware -

cisco nexus_56128p_firmware -

cisco nexus_5624q_firmware -

cisco nexus_5648q_firmware -

cisco nexus_5672up_firmware -

cisco nexus_5696q_firmware -

cisco nexus_6001_firmware -

cisco nexus_6004_firmware -

cisco nexus_7000_10-slot_firmware -

cisco nexus_7000_18-slot_firmware -

cisco nexus_7000_4-slot_firmware -

cisco nexus_7000_9-slot_firmware -

cisco nexus_7700_10-slot_firmware -

cisco nexus_7700_18-slot_firmware -

cisco nexus_7700_2-slot_firmware -

cisco nexus_7700_6-slot_firmware -

Vendor Advisories

Cisco: Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device The vulnerability is due to improper signature verification during the installation of a ...

References

CWE-347https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vmanhttps://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook