What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2019-1600.

What is the severity rating of CVE-2019-1600?

The severity rating of CVE-2019-1600 is medium (4.4).

How can an attacker exploit CVE-2019-1600?

An attacker can exploit CVE-2019-1600 by accessing sensitive information stored in the affected system's file system.

Which software versions are affected by CVE-2019-1600?

Cisco FXOS Software versions 1.1 to 2.2.2.91 and Cisco NX-OS Software versions 7.0(3)i5 to 8.2 are affected by CVE-2019-1600.

Where can I find more information about CVE-2019-1600?

You can find more information about CVE-2019-1600 at the following references: [1](http://www.securityfocus.com/bid/107399), [2](http://www.securityfocus.com/bid/107404), [3](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory).

Vulnerability/
CVE-2019-1600

medium

6.7

CWE

732 264

7/3/2019

20/11/2024

CVE-2019-1600: Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

First published: Thu Mar 07 2019(Updated: )

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Extensible Operating System	>=1.1<2.2.2.91
Cisco Firepower Extensible Operating System	>=2.3<2.3.1.110
Cisco Firepower 4100
Cisco Firepower 9300
Cisco Nx-os	>=8.2<8.3\(1\)
Cisco MDS 9000
Cisco Nx-os	>=7.0\(3\)i5<7.0\(3\)i7\(4\)
Cisco Nexus 3000
Cisco Nx-os	>=7.0\(3\)<7.0\(3\)i7\(4\)
Cisco Nexus 3500
Cisco Nx-os	>=7.0\(3\)f3<7.0\(3\)f3\(5\)
Cisco Nexus 3600
Cisco Nx-os	>=7.2<7.3\(3\)n1\(1\)
Cisco Nexus 2000
Cisco Nexus 5500
Cisco Nexus 5600
Cisco Nexus 6000
Cisco Nx-os	>=8.0<8.2\(3\)
Cisco Nexus 7000
Cisco Nexus 7700
Cisco Nexus 9000
Cisco Nx-os	>=7.0\(3\)f1<7.0\(3\)f3\(5\)
Cisco Nexus 9500
Cisco Nx-os	>=7.3<8.1\(1b\)
Cisco Nx-os	>=5.2.<6.2\(25\)
Cisco Nx-os	<7.0\(3\)i4\(9\)
Cisco Nx-os	<6.0\(2\)a8\(10\)
Cisco Nx-os	<7.1\(5\)n1\(1b\)
Cisco Nx-os	>=7.2<7.3\(3\)d1\(1\)
Cisco Nx-os	<6.2\(22\)

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2019-1600.
What is the severity rating of CVE-2019-1600?
The severity rating of CVE-2019-1600 is medium (4.4).
How can an attacker exploit CVE-2019-1600?
An attacker can exploit CVE-2019-1600 by accessing sensitive information stored in the affected system's file system.
Which software versions are affected by CVE-2019-1600?
Cisco FXOS Software versions 1.1 to 2.2.2.91 and Cisco NX-OS Software versions 7.0(3)i5 to 8.2 are affected by CVE-2019-1600.
Where can I find more information about CVE-2019-1600?
You can find more information about CVE-2019-1600 at the following references: [1](http://www.securityfocus.com/bid/107399), [2](http://www.securityfocus.com/bid/107404), [3](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory).

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/author
agent/last-modified-date
agent/references
agent/title
agent/first-publish-date
agent/tags
agent/description
agent/event
vendor/cisco
canonical/cisco firepower extensible operating system
version/cisco firepower extensible operating system/1.1
version/cisco firepower extensible operating system/2.3
canonical/cisco firepower 4100
canonical/cisco firepower 9300
canonical/cisco nx-os
version/cisco nx-os/8.2
canonical/cisco mds 9000
version/cisco nx-os/7.0\(3\)i5
canonical/cisco nexus 3000
version/cisco nx-os/7.0\(3\)
canonical/cisco nexus 3500
version/cisco nx-os/7.0\(3\)f3
canonical/cisco nexus 3600
version/cisco nx-os/7.2
canonical/cisco nexus 2000
canonical/cisco nexus 5500
canonical/cisco nexus 5600
canonical/cisco nexus 6000
version/cisco nx-os/8.0
canonical/cisco nexus 7000
canonical/cisco nexus 7700
canonical/cisco nexus 9000
version/cisco nx-os/7.0\(3\)f1
canonical/cisco nexus 9500
version/cisco nx-os/7.3
version/cisco nx-os/5.2.