Detections
Analytics
Cisco NX-OS Software CLI to Internal Service Bypass (cisco-sa-20190515-nxos-cli-bypass)
high Nessus Plugin ID 139666
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco Unified Computing System (Managed) is affected by following vulnerability- A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API.The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability. (CVE-2019-1726)
Please see the included Cisco BIDs and Cisco Security Advisory for more information
Solution
Upgrade to the relevant fixed version referenced in the appropriate Cisco bug ID:- CSCvh24771
- CSCvi99247
- CSCvi99248
- CSCvi99250
- CSCvi99251
- CSCvi99252
- CSCvh24771
- CSCvn11851
See Also
http://www.nessus.org/u?d14497b3
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh24771
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99247
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99248
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99250
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99251
Plugin Details
Severity: High
ID: 139666
File Name: cisco-sa-20190515-nxos-cli-bypass.nasl
Version: 1.10
Type: combined
Family: CISCO
Published: 8/18/2020
Updated: 6/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2019-1726
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:nx-os
Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device
Exploit Ease: No known exploits are available
Patch Publication Date: 5/15/2019
Vulnerability Publication Date: 5/15/2019
Reference Information
CVE: CVE-2019-1726
CISCO-SA: cisco-sa-20190515-nxos-cli-bypass
IAVA: 2019-A-0173
CISCO-BUG-ID: CSCvh24771, CSCvi99247, CSCvi99248, CSCvi99250, CSCvi99251, CSCvi99252, CSCvn11851