cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-1836,https://securityvulnerability.io/vulnerability/CVE-2019-1836,Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability,"A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i).",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode,5.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-04T19:16:13.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1803,https://securityvulnerability.io/vulnerability/CVE-2019-1803,Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability,"A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device.",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:11.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1804,https://securityvulnerability.io/vulnerability/CVE-2019-1804,Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability,"A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode 11.0.1b,9.8,CRITICAL,0.00343999988399446,false,,false,false,true,2024-08-04T19:16:11.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1590,https://securityvulnerability.io/vulnerability/CVE-2019-1590,Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability,"A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode,8.1,HIGH,0.0022499999031424522,false,,false,false,true,2024-08-04T19:15:59.000Z,,false,false,,2019-05-03T15:29:00.000Z,0
CVE-2019-1592,https://securityvulnerability.io/vulnerability/CVE-2019-1592,Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Privilege Escalation Vulnerability,"A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device.",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode 11.0.1b,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T19:15:59.000Z,,false,false,,2019-05-03T15:29:00.000Z,0
CVE-2019-1589,https://securityvulnerability.io/vulnerability/CVE-2019-1589,Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability,"A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device.",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode,4.2,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-08-04T19:15:59.000Z,,false,false,,2019-05-03T15:29:00.000Z,0
CVE-2019-1615,https://securityvulnerability.io/vulnerability/CVE-2019-1615,Cisco NX-OS Software Image Signature Verification Vulnerability,"A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5).",Cisco,"Nexus 3000 Series Switches,Nexus 9000 Series Fabric Switches In Aci Mode,Nexus 9000 Series Switches In Standalone Nx-os Mode,Nexus 9500 R-series Line Cards And Fabric Modules",6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:00.000Z,,false,false,,2019-03-11T21:29:00.000Z,0
CVE-2019-1594,https://securityvulnerability.io/vulnerability/CVE-2019-1594,Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability,"A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).",Cisco,"Nexus 1000v Switch For Vmware Vsphere,Nexus 3000 Series Switches,Nexus 3500 Platform Switches,Nexus 2000, 5500, 5600, And 6000 Series Switches,Nexus 7000 And 7700 Series Switches,Nexus 9000 Series Fabric Switches In Aci Mode,Nexus 9000 Series Switches In Standalone Nx-os Mode",7.4,HIGH,0.0005499999970197678,false,,false,false,true,2024-08-04T19:15:59.000Z,,false,false,,2019-03-06T00:00:00.000Z,0
CVE-2019-1588,https://securityvulnerability.io/vulnerability/CVE-2019-1588,Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability,"A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h).",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode,4.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:15:59.000Z,,false,false,,2019-03-06T00:00:00.000Z,0
CVE-2019-1593,https://securityvulnerability.io/vulnerability/CVE-2019-1593,Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability,"A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. For example, a dev-ops user could escalate their privilege level to admin with a successful exploit of this vulnerability.",Cisco,"Nexus 3000 Series Switches,Nexus 3500 Platform Switches,Nexus 3600 Platform Switches,Nexus 7000 And 7700 Series Switches,Nexus 9000 Series Fabric Switches In Aci Mode,Nexus 9000 Series Switches In Standalone Nx-os Mode",7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T19:15:59.000Z,,false,false,,2019-03-06T00:00:00.000Z,0
CVE-2019-1585,https://securityvulnerability.io/vulnerability/CVE-2019-1585,Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability,"A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This vulnerability has been fixed in version 4.0(1h).",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode,6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:15:58.000Z,,false,false,,2019-03-06T00:00:00.000Z,0
CVE-2019-1591,https://securityvulnerability.io/vulnerability/CVE-2019-1591,Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability,"A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d).",Cisco,Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T19:15:59.000Z,,false,false,,2019-03-06T00:00:00.000Z,0