CVE-2019-1728
MEDIUMCisco NX-OS 8.1-8.1(1b) - Authenticated Arbitrary Command Execution via Persistent Configuration Storage
Title source: llmDescription
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108391
Scores
CVSS v3
6.7
EPSS
0.0025
EPSS Percentile
16.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-347
Status
published
Products (1)
cisco/nx-os
8.1 - 8.1\(1b\)
Published
May 15, 2019
Tracked Since
Feb 18, 2026