← voltar
CVE-2019-1600

Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

CVSS 6.7 MEDIUMEPSS 0.4%CWE-264
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
07 mar 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Cisco · Firepower 4100 Series Next-Generation FirewallsCisco · Firepower 9300 Series Next-Generation FirewallsCisco · MDS 9000 Series Multilayer SwitchesCisco · Nexus 2000, 5500, 5600, and 6000 Series SwitchesCisco · Nexus 3000 Series SwitchesCisco · Nexus 3500 Platform SwitchesCisco · Nexus 3600 Platform SwitchesCisco · Nexus 7000 and 7700 Series SwitchesCisco · Nexus 9000 Series Switches-StandaloneCisco · Nexus 9500 R-Series Line Cards and Fabric Modules

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directoryhttp://www.securityfocus.com/bid/107399http://www.securityfocus.com/bid/107404