← back
CVE-2019-1588

Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability

CVSS 4.4 MEDIUMEPSS 0.3%CWE-20
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
06 Mar 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h).
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N