CVE-2019-1732

A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.

CVSS v3 6.4 MEDIUM
CVSS v2.0 6.9 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/108361	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-rpm-injec	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_3000:-:::::::*
	cpe:2.3:h:cisco:nexus_3100:-:::::::*
	cpe:2.3:h:cisco:nexus_3100-z:-:::::::*
	cpe:2.3:h:cisco:nexus_3100v:-:::::::*
	cpe:2.3:h:cisco:nexus_3200:-:::::::*
	cpe:2.3:h:cisco:nexus_3400:-:::::::*
	cpe:2.3:h:cisco:nexus_3500:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_9000:-:::::::*
	cpe:2.3:h:cisco:nexus_9200:-:::::::*
	cpe:2.3:h:cisco:nexus_9300:-:::::::*
	cpe:2.3:h:cisco:nexus_9500:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:nx_os:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*

History

03 Nov 2021, 15:23

Type	Values Removed	Values Added
References	~~(BID) http://www.securityfocus.com/bid/108361 - Third Party Advisory~~	(BID) http://www.securityfocus.com/bid/108361 - Third Party Advisory, VDB Entry
CWE	~~CWE-78~~	CWE-667

Information

Published : 2019-05-15 17:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-1732

Mitre link : CVE-2019-1732

CVE.ORG link : CVE-2019-1732

JSON object : View

Products Affected

cisco

nexus_9500
nexus_3600
nexus_3548-xl
nexus_9200
nexus_3548-x
nexus_9300
nx_os
nexus_3100
nexus_3000
nexus_3500
nexus_3200
nexus_3524-xl
nexus_3100-z
nexus_9000
nexus_3524-x
nexus_3100v
nx-os
nexus_3400

CWE

CWE-667

Improper Locking

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

6.4 /10