CVE-2019-1587

MEDIUM

Cisco NX-OS - Information Disclosure via Filtered Query Command

Title source: llm
STIX 2.1

Description

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device.

References (1)

Core 1

Scores

CVSS v3 4.3
EPSS 0.0120
EPSS Percentile 64.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-20 CWE-399
Status published
Products (1)
cisco/nx-os 8.3\(0\)sk\(0.39\)
Published May 03, 2019
Tracked Since Feb 18, 2026