CVE-2019-1803: Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability
First published: Fri May 03 2019(Updated: )
A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Nexus 9000 Series Application Centric Infrastructure | ||
| Cisco Nexus 93108tc-ex | ||
| Cisco Nexus 93120tx | ||
| Cisco Nexus 93128tx | ||
| Cisco Nexus 93180lc-ex | ||
| Cisco Nexus 93180tc-ex | ||
| Cisco Nexus 93180yc-ex | ||
| Cisco Nexus 93180yc-fx | ||
| Cisco Nexus 9332pq | ||
| Cisco Nexus 9336c-fx2 | ||
| Cisco Nexus 9336pq Aci Spine | ||
| Cisco Nexus 9348gc-fxp | ||
| Cisco Nexus 9364c | ||
| Cisco Nexus 9372px | ||
| Cisco Nexus 9372px-e | ||
| Cisco Nexus 9372tx | ||
| Cisco Nexus 9372tx-e | ||
| Cisco Nexus 9396px | ||
| Cisco Nexus 9396tx | ||
| Cisco Nexus 9504 | ||
| Cisco Nexus 9508 | ||
| Cisco Nexus 9516 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1803?
CVE-2019-1803 is a vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software.
How severe is CVE-2019-1803?
CVE-2019-1803 has a severity value of 6.7, which is considered high.
How can an attacker exploit CVE-2019-1803?
An authenticated, local attacker with administrator rights can exploit CVE-2019-1803 to gain elevated privileges as the root user on the affected device.
Which devices are affected by CVE-2019-1803?
Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software is affected by CVE-2019-1803.
How can I fix CVE-2019-1803?
To fix CVE-2019-1803, Cisco recommends upgrading to a fixed software release.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco nexus 9000 series application centric infrastructure
- canonical/cisco nexus 93108tc-ex
- canonical/cisco nexus 93120tx
- canonical/cisco nexus 93128tx
- canonical/cisco nexus 93180lc-ex
- canonical/cisco nexus 93180tc-ex
- canonical/cisco nexus 93180yc-ex
- canonical/cisco nexus 93180yc-fx
- canonical/cisco nexus 9332pq
- canonical/cisco nexus 9336c-fx2
- canonical/cisco nexus 9336pq aci spine
- canonical/cisco nexus 9348gc-fxp
- canonical/cisco nexus 9364c
- canonical/cisco nexus 9372px
- canonical/cisco nexus 9372px-e
- canonical/cisco nexus 9372tx
- canonical/cisco nexus 9372tx-e
- canonical/cisco nexus 9396px
- canonical/cisco nexus 9396tx
- canonical/cisco nexus 9504
- canonical/cisco nexus 9508
- canonical/cisco nexus 9516