What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2019-1600.

What is the severity rating of CVE-2019-1600?

The severity rating of CVE-2019-1600 is medium (4.4).

How can an attacker exploit CVE-2019-1600?

An attacker can exploit CVE-2019-1600 by accessing sensitive information stored in the affected system's file system.

Which software versions are affected by CVE-2019-1600?

Cisco FXOS Software versions 1.1 to 2.2.2.91 and Cisco NX-OS Software versions 7.0(3)i5 to 8.2 are affected by CVE-2019-1600.

Where can I find more information about CVE-2019-1600?

You can find more information about CVE-2019-1600 at the following references: [1](http://www.securityfocus.com/bid/107399), [2](http://www.securityfocus.com/bid/107404), [3](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory).

Vulnerability/
CVE-2019-1600

medium

6.7

CWE

732 264

7/3/2019

21/11/2024

CVE-2019-1600: Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

First published: Thu Mar 07 2019(Updated: )

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Extensible Operating System	>=1.1<2.2.2.91
Cisco Firepower Extensible Operating System	>=2.3<2.3.1.110
Cisco Firepower 4100 Series
Cisco Firepower 9300 firmware
Cisco NX-OS	>=8.2<8.3\(1\)
Cisco MDS 9000 Series Multilayer Switches
Cisco NX-OS	>=7.0\(3\)i5<7.0\(3\)i7\(4\)
Cisco Nexus 3000
Cisco NX-OS	>=7.0\(3\)<7.0\(3\)i7\(4\)
Cisco Nexus 3500 Platform
Cisco NX-OS	>=7.0\(3\)f3<7.0\(3\)f3\(5\)
Cisco Nexus 3600 Firmware
Cisco NX-OS	>=7.2<7.3\(3\)n1\(1\)
Cisco Nexus 2000
Cisco NX-OS for Nexus 5500 Platform Switches
Cisco Nexus 5600 Firmware
Cisco Nexus 6000 firmware
Cisco NX-OS	>=8.0<8.2\(3\)
Cisco Nexus 7000
Cisco Nexus 7700 series
Cisco Nexus 9000 Firmware
Cisco NX-OS	>=7.0\(3\)f1<7.0\(3\)f3\(5\)
Cisco Nexus 9500 Series
Cisco NX-OS	>=7.3<8.1\(1b\)
Cisco NX-OS	>=5.2.<6.2\(25\)
Cisco NX-OS	<7.0\(3\)i4\(9\)
Cisco NX-OS	<6.0\(2\)a8\(10\)
Cisco NX-OS	<7.1\(5\)n1\(1b\)
Cisco NX-OS	>=7.2<7.3\(3\)d1\(1\)
Cisco NX-OS	<6.2\(22\)
All of
Any of
Cisco Firepower Extensible Operating System	>=1.1<2.2.2.91
Cisco Firepower Extensible Operating System	>=2.3<2.3.1.110
Any of
Cisco Firepower 4100 Series
Cisco Firepower 9300 firmware
All of
Cisco NX-OS	>=8.2<8.3\(1\)
Cisco MDS 9000 Series Multilayer Switches
All of
Cisco NX-OS	>=7.0\(3\)i5<7.0\(3\)i7\(4\)
Cisco Nexus 3000
All of
Cisco NX-OS	>=7.0\(3\)<7.0\(3\)i7\(4\)
Cisco Nexus 3500 Platform
All of
Cisco NX-OS	>=7.0\(3\)f3<7.0\(3\)f3\(5\)
Cisco Nexus 3600 Firmware
All of
Cisco NX-OS	>=7.2<7.3\(3\)n1\(1\)
Any of
Cisco Nexus 2000
Cisco NX-OS for Nexus 5500 Platform Switches
Cisco Nexus 5600 Firmware
Cisco Nexus 6000 firmware
All of
Cisco NX-OS	>=8.0<8.2\(3\)
Any of
Cisco Nexus 7000
Cisco Nexus 7700 series
All of
Cisco NX-OS	>=7.0\(3\)i5<7.0\(3\)i7\(4\)
Cisco Nexus 9000 Firmware
All of
Cisco NX-OS	>=7.0\(3\)f1<7.0\(3\)f3\(5\)
Cisco Nexus 9500 Series
All of
Cisco NX-OS	>=7.3<8.1\(1b\)
Cisco MDS 9000 Series Multilayer Switches
All of
Cisco NX-OS	>=5.2.<6.2\(25\)
Cisco MDS 9000 Series Multilayer Switches
All of
Cisco NX-OS	<7.0\(3\)i4\(9\)
Cisco Nexus 3000
All of
Cisco NX-OS	<6.0\(2\)a8\(10\)
Cisco Nexus 3500 Platform
All of
Cisco NX-OS	<7.1\(5\)n1\(1b\)
Any of
Cisco Nexus 2000
Cisco NX-OS for Nexus 5500 Platform Switches
Cisco Nexus 5600 Firmware
Cisco Nexus 6000 firmware
All of
Cisco NX-OS	>=7.2<7.3\(3\)d1\(1\)
Any of
Cisco Nexus 7000
Cisco Nexus 7700 series
All of
Cisco NX-OS	<6.2\(22\)
Any of
Cisco Nexus 7000
Cisco Nexus 7700 series
All of
Cisco NX-OS	<7.0\(3\)i4\(9\)
Cisco Nexus 9000 Firmware

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2019-1600.
What is the severity rating of CVE-2019-1600?
The severity rating of CVE-2019-1600 is medium (4.4).
How can an attacker exploit CVE-2019-1600?
An attacker can exploit CVE-2019-1600 by accessing sensitive information stored in the affected system's file system.
Which software versions are affected by CVE-2019-1600?
Cisco FXOS Software versions 1.1 to 2.2.2.91 and Cisco NX-OS Software versions 7.0(3)i5 to 8.2 are affected by CVE-2019-1600.
Where can I find more information about CVE-2019-1600?
You can find more information about CVE-2019-1600 at the following references: [1](http://www.securityfocus.com/bid/107399), [2](http://www.securityfocus.com/bid/107404), [3](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory).

agent/weakness
agent/type
agent/remedy
agent/severity
agent/references
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/author
agent/last-modified-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/cisco
canonical/cisco firepower extensible operating system
version/cisco firepower extensible operating system/1.1
version/cisco firepower extensible operating system/2.3
canonical/cisco firepower 4100 series
canonical/cisco firepower 9300 firmware
canonical/cisco nx-os
version/cisco nx-os/8.2
canonical/cisco mds 9000 series multilayer switches
version/cisco nx-os/7.0\(3\)i5
canonical/cisco nexus 3000
version/cisco nx-os/7.0\(3\)
canonical/cisco nexus 3500 platform
version/cisco nx-os/7.0\(3\)f3
canonical/cisco nexus 3600 firmware
version/cisco nx-os/7.2
canonical/cisco nexus 2000
canonical/cisco nx-os for nexus 5500 platform switches
canonical/cisco nexus 5600 firmware
canonical/cisco nexus 6000 firmware
version/cisco nx-os/8.0
canonical/cisco nexus 7000
canonical/cisco nexus 7700 series
canonical/cisco nexus 9000 firmware
version/cisco nx-os/7.0\(3\)f1
canonical/cisco nexus 9500 series
version/cisco nx-os/7.3
version/cisco nx-os/5.2.