CVE-2019-1592

Published: 03/05/2019 Updated: 16/10/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local malicious user to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the malicious user to execute arbitrary operating system commands as root on an affected device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco nx-os 14.1(0.90)

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device The vulnerability is due to insufficient validation of user-supplied files on an affected device ...

CWE-20 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-hw-clock-util https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-hw-clock-util

CVE-2019-1592

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect