Cisco NX-OS Software
Advisory ID: BGD-2019-0009
CVE ID: CVE-2019-1601(nx-os)
Publication date: 2019-03-20
Description: A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in
Impact: A remote attacker could exploit this vulnerability to take control of an affected system.
- cisco 300 Series Managed Switch Firmware
- cisco 500 Series Switch Firmware
- cisco ASA CX Context-Aware Security Software 9.3 BASE
- cisco ASA with Firewpower Services
- cisco Adaptive Security Appliance (ASA) 5500 Content Security and Control Security Services Module (CSC-SSM) Firmware
- cisco Adaptive Security Appliance (ASA) Software
- cisco AireOS 7.6 100.0
- cisco Aironet Access Point Software 8.4(1.82)
- cisco AsyncOS
Mitigation: Administrators are advised to update the affected systems without delay.
Updates are available. Please see the references or vendor advisory for more information.
16 Apr 2019 - Advisories Test