First published: Fri May 03 2019(Updated: )
A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Nexus 9000 Series Application Centric Infrastructure | ||
Cisco Nexus 93108tc-ex | ||
Cisco Nexus 93120tx | ||
Cisco Nexus 93128tx | ||
Cisco Nexus 93180lc-ex | ||
Cisco Nexus 93180tc-ex | ||
Cisco Nexus 93180yc-ex | ||
Cisco Nexus 93180yc-fx | ||
Cisco Nexus 9332pq | ||
Cisco Nexus 9336c-fx2 | ||
Cisco Nexus 9336pq Aci Spine | ||
Cisco Nexus 9348gc-fxp | ||
Cisco Nexus 9364c | ||
Cisco Nexus 9372px | ||
Cisco Nexus 9372px-e | ||
Cisco Nexus 9372tx | ||
Cisco Nexus 9372tx-e | ||
Cisco Nexus 9396px | ||
Cisco Nexus 9396tx | ||
Cisco Nexus 9504 | ||
Cisco Nexus 9508 | ||
Cisco Nexus 9516 | ||
All of | ||
Cisco Nexus 9000 Series Application Centric Infrastructure | ||
Any of | ||
Cisco Nexus 93108tc-ex | ||
Cisco Nexus 93120tx | ||
Cisco Nexus 93128tx | ||
Cisco Nexus 93180lc-ex | ||
Cisco Nexus 93180tc-ex | ||
Cisco Nexus 93180yc-ex | ||
Cisco Nexus 93180yc-fx | ||
Cisco Nexus 9332pq | ||
Cisco Nexus 9336c-fx2 | ||
Cisco Nexus 9336pq Aci Spine | ||
Cisco Nexus 9348gc-fxp | ||
Cisco Nexus 9364c | ||
Cisco Nexus 9372px | ||
Cisco Nexus 9372px-e | ||
Cisco Nexus 9372tx | ||
Cisco Nexus 9372tx-e | ||
Cisco Nexus 9396px | ||
Cisco Nexus 9396tx | ||
Cisco Nexus 9504 | ||
Cisco Nexus 9508 | ||
Cisco Nexus 9516 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1803 is a vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software.
CVE-2019-1803 has a severity value of 6.7, which is considered high.
An authenticated, local attacker with administrator rights can exploit CVE-2019-1803 to gain elevated privileges as the root user on the affected device.
Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software is affected by CVE-2019-1803.
To fix CVE-2019-1803, Cisco recommends upgrading to a fixed software release.