Podatność CVE-2019-12662


Publikacja: 2019-09-25   Modyfikacja: 2019-09-26

Opis:
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Typ:

CWE-347

(Improper Verification of Cryptographic Signature)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
7.2/10
10/10
3.9/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Lokalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Cisco -> Nexus 3172tq-32t firmware 
Cisco -> Nexus 3548 firmware 
Cisco -> Nexus 7700 10-slot firmware 
Cisco -> Ios xe 
Cisco -> Nexus 3172tq-xl firmware 
Cisco -> Nexus 5548p firmware 
Cisco -> Nexus 7700 18-slot firmware 
Cisco -> Nexus 3016 firmware 
Cisco -> Nexus 3172tq firmware 
Cisco -> Nexus 5548up firmware 
Cisco -> Nexus 7700 2-slot firmware 
Cisco -> Nexus 3048 firmware 
Cisco -> Nexus 3232c firmware 
Cisco -> Nexus 5596t firmware 
Cisco -> Nexus 7700 6-slot firmware 
Cisco -> Nexus 3064-t firmware 
Cisco -> Nexus 3264c-e firmware 
Cisco -> Nexus 5596up firmware 
Cisco -> Nx-os 
Cisco -> Nexus 3064 firmware 
Cisco -> Nexus 3264q firmware 
Cisco -> Nexus 56128p firmware 
Cisco -> Nexus 31108pc-v firmware 
Cisco -> Nexus 3408-s firmware 
Cisco -> Nexus 5624q firmware 
Cisco -> Nexus 31108tc-v firmware 
Cisco -> Nexus 34180yc firmware 
Cisco -> Nexus 5648q firmware 
Cisco -> Nexus 31128pq firmware 
Cisco -> Nexus 34200yc-sm firmware 
Cisco -> Nexus 5672up firmware 
Cisco -> Nexus 3132c-z firmware 
Cisco -> Nexus 3432d-s firmware 
Cisco -> Nexus 5696q firmware 
Cisco -> Nexus 3132q-v firmware 
Cisco -> Nexus 3464c firmware 
Cisco -> Nexus 6001 firmware 
Cisco -> Nexus 3132q-xl firmware 
Cisco -> Nexus 3524-x firmware 
Cisco -> Nexus 6004 firmware 
Cisco -> Nexus 3132q firmware 
Cisco -> Nexus 3524-xl firmware 
Cisco -> Nexus 7000 10-slot firmware 
Cisco -> Nexus 3164q firmware 
Cisco -> Nexus 3524 firmware 
Cisco -> Nexus 7000 18-slot firmware 
Cisco -> Nexus 3172 firmware 
Cisco -> Nexus 3548-x firmware 
Cisco -> Nexus 7000 4-slot firmware 
Cisco -> Nexus 3172pq-xl firmware 
Cisco -> Nexus 3548-xl firmware 
Cisco -> Nexus 7000 9-slot firmware 

 Referencje:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman

Copyright 2022, cxsecurity.com

 

Back to Top