Cisco NX-OS Software
Advisory ID: BGD-2019-0009
CVE ID: CVE-2019-1601(nx-os)
Publication date: 2019-03-20
Description: A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in
Impact: A remote attacker could exploit this vulnerability to take control of an affected system.
- cisco 300 Series Managed Switch Firmware
- cisco 500 Series Switch Firmware
- cisco ASA CX Context-Aware Security Software 9.3 BASE
- cisco ASA with Firewpower Services
- cisco Adaptive Security Appliance (ASA) 5500 Content Security and Control Security Services Module (CSC-SSM) Firmware
- cisco Adaptive Security Appliance (ASA) Software
- cisco AireOS 7.6 100.0
- cisco Aironet Access Point Software 8.4(1.82)
- cisco AsyncOS
Mitigation: Administrators are advised to update the affected systems without delay.
Updates are available. Please see the references or vendor advisory for more information.
Cisco Small Business RV320 and RV325 Routers CVE-2019-1828 Weak Encryption Security Weakness
16 Apr 2019 - Advisories Test