CVE-2019-1726: OS Command Injection
First published: Wed May 15 2019(Updated: )
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Nx-os | >=5.2<6.2\(25\) | |
| Cisco Nx-os | >=7.3<8.3\(2\) | |
| Cisco MDS 9000 | ||
| Cisco Mds 9100 | ||
| Cisco Mds 9200 | ||
| Cisco Mds 9500 | ||
| Cisco Mds 9700 | ||
| Cisco Nx-os | >=7.0\(3\)i7<7.0\(3\)i7\(3\) | |
| Cisco Nexus 3000 | ||
| Cisco Nexus 3100 | ||
| Cisco Nexus 3100-z | ||
| Cisco Nexus 3100v | ||
| Cisco Nexus 3200 | ||
| Cisco Nexus 3400 | ||
| Cisco Nexus 3500 | ||
| Cisco Nexus 3600 | ||
| Cisco Nexus 9000 | ||
| Cisco Nexus 9200 | ||
| Cisco Nexus 9300 | ||
| Cisco Nexus 9500 | ||
| Cisco Nx-os | <6.0\(2\)a8\(11\) | |
| Cisco Nx-os | >=7.0\(3\)<7.0\(3\)i7\(3\) | |
| Cisco Nexus 3524-x | ||
| Cisco Nexus 3524-xl | ||
| Cisco Nexus 3548-x | ||
| Cisco Nexus 3548-xl | ||
| Cisco Nx-os | <7.3\(4\)n1\(1\) | |
| Cisco Nexus 5500 | ||
| Cisco Nexus 5600 | ||
| Cisco Nexus 6000 | ||
| Cisco Nx-os | <6.2\(22\) | |
| Cisco Nx-os | >=7.2<7.3\(3\)d1\(1\) | |
| Cisco Nx-os | >=8.0<8.3\(2\) | |
| Cisco Nexus 7000 | ||
| Cisco Nexus 7700 | ||
| Cisco Nx-os | <4.0\(1d\) | |
| Cisco Ucs 6248up | ||
| Cisco Ucs 6296up |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco NX-OS Software vulnerability?
The vulnerability ID for this Cisco NX-OS Software vulnerability is CVE-2019-1726.
What is the severity of CVE-2019-1726?
The severity of CVE-2019-1726 is high with a CVSS score of 7.8.
How can this vulnerability be exploited?
This vulnerability can be exploited by an authenticated, local attacker through the CLI of Cisco NX-OS Software.
What is the affected software for CVE-2019-1726?
The affected software for CVE-2019-1726 is Cisco NX-OS Software versions 5.2 through 6.2(25) and versions 7.3 through 8.3(2).
Where can I find more information about CVE-2019-1726?
You can find more information about CVE-2019-1726 on the Cisco Security Advisory website.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/5.2
- version/cisco nx-os/7.3
- canonical/cisco mds 9000
- canonical/cisco mds 9100
- canonical/cisco mds 9200
- canonical/cisco mds 9500
- canonical/cisco mds 9700
- version/cisco nx-os/7.0\(3\)i7
- canonical/cisco nexus 3000
- canonical/cisco nexus 3100
- canonical/cisco nexus 3100-z
- canonical/cisco nexus 3100v
- canonical/cisco nexus 3200
- canonical/cisco nexus 3400
- canonical/cisco nexus 3500
- canonical/cisco nexus 3600
- canonical/cisco nexus 9000
- canonical/cisco nexus 9200
- canonical/cisco nexus 9300
- canonical/cisco nexus 9500
- version/cisco nx-os/7.0\(3\)
- canonical/cisco nexus 3524-x
- canonical/cisco nexus 3524-xl
- canonical/cisco nexus 3548-x
- canonical/cisco nexus 3548-xl
- canonical/cisco nexus 5500
- canonical/cisco nexus 5600
- canonical/cisco nexus 6000
- version/cisco nx-os/7.2
- version/cisco nx-os/8.0
- canonical/cisco nexus 7000
- canonical/cisco nexus 7700
- canonical/cisco ucs 6248up
- canonical/cisco ucs 6296up