CVE-2019-1809: Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability
First published: Wed May 15 2019(Updated: )
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Nx-os | >=7.3<8.1\(1a\) | |
| Cisco Nx-os | >=8.2<8.3\(1\) | |
| Cisco Mds 9706 | ||
| Cisco Mds 9710 | ||
| Cisco Mds 9718 | ||
| Cisco Nx-os | >=7.2<7.3\(3\)d1\(1\) | |
| Cisco Nx-os | >=8.0<8.2\(3\) | |
| Cisco 7000 10-slot | ||
| Cisco 7000 18-slot | ||
| Cisco 7000 4-slot | ||
| Cisco 7000 9-slot | ||
| Cisco 7700 10-slot | ||
| Cisco 7700 18-slot | ||
| Cisco 7700 2-slot | ||
| Cisco 7700 6-slot | ||
| Cisco N77-f312ck-26 | ||
| Cisco N77-f324fq-25 | ||
| Cisco N77-f348xp-23 | ||
| Cisco N77-f430cq-36 | ||
| Cisco N77-m312cq-26l | ||
| Cisco N77-m324fq-25l | ||
| Cisco N77-m348xp-23l | ||
| Cisco N7k-f248xp-25e | ||
| Cisco N7k-f306ck-25 | ||
| Cisco N7k-f312fq-25 | ||
| Cisco N7k-m202cf-22l | ||
| Cisco N7k-m206fq-23l | ||
| Cisco N7k-m224xp-23l | ||
| Cisco N7k-m324fq-25l | ||
| Cisco N7k-m348xp-25l | ||
| Cisco Nexus 7000 Supervisor 1 | ||
| Cisco Nexus 7000 Supervisor 2 | ||
| Cisco Nexus 7000 Supervisor 2e | ||
| Cisco Nexus 7700 Supervisor 2e | ||
| Cisco Nexus 7700 Supervisor 3e | ||
| Cisco Nx-os | >=3.1<3.2\(3k\) | |
| Cisco Ucs 6248up | ||
| Cisco Ucs 6296up | ||
| Cisco Ucs 6324 | ||
| Cisco Ucs 6332 | ||
| Cisco Ucs 6332-16up |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1809?
CVE-2019-1809 is a vulnerability in the Image Signature Verification feature of Cisco NX-OS Software that could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device.
Which software is affected by CVE-2019-1809?
Cisco NX-OS Software versions 7.3 to 8.1(1a) and versions 8.2 to 8.3(1) are affected by CVE-2019-1809.
What is the severity of CVE-2019-1809?
CVE-2019-1809 has a severity score of 6.7 (medium).
How can I fix CVE-2019-1809?
It is recommended to upgrade to a fixed version of Cisco NX-OS Software.
Where can I find more information about CVE-2019-1809?
You can find more information about CVE-2019-1809 on the Cisco Security Advisory website and the SecurityFocus website.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/7.3
- version/cisco nx-os/8.2
- canonical/cisco mds 9706
- canonical/cisco mds 9710
- canonical/cisco mds 9718
- version/cisco nx-os/7.2
- version/cisco nx-os/8.0
- canonical/cisco 7000 10-slot
- canonical/cisco 7000 18-slot
- canonical/cisco 7000 4-slot
- canonical/cisco 7000 9-slot
- canonical/cisco 7700 10-slot
- canonical/cisco 7700 18-slot
- canonical/cisco 7700 2-slot
- canonical/cisco 7700 6-slot
- canonical/cisco n77-f312ck-26
- canonical/cisco n77-f324fq-25
- canonical/cisco n77-f348xp-23
- canonical/cisco n77-f430cq-36
- canonical/cisco n77-m312cq-26l
- canonical/cisco n77-m324fq-25l
- canonical/cisco n77-m348xp-23l
- canonical/cisco n7k-f248xp-25e
- canonical/cisco n7k-f306ck-25
- canonical/cisco n7k-f312fq-25
- canonical/cisco n7k-m202cf-22l
- canonical/cisco n7k-m206fq-23l
- canonical/cisco n7k-m224xp-23l
- canonical/cisco n7k-m324fq-25l
- canonical/cisco n7k-m348xp-25l
- canonical/cisco nexus 7000 supervisor 1
- canonical/cisco nexus 7000 supervisor 2
- canonical/cisco nexus 7000 supervisor 2e
- canonical/cisco nexus 7700 supervisor 2e
- canonical/cisco nexus 7700 supervisor 3e
- version/cisco nx-os/3.1
- canonical/cisco ucs 6248up
- canonical/cisco ucs 6296up
- canonical/cisco ucs 6324
- canonical/cisco ucs 6332
- canonical/cisco ucs 6332-16up