← back
CVE-2019-1726

Cisco NX-OS Software CLI Bypass to Internal Service Vulnerability

CVSS 5.3 MEDIUMEPSS 0.4%CWE-20
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
15 May 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L