Summaryinfo

A vulnerability was found in Cisco NX-OS. It has been rated as critical. Affected by this issue is some unknown functionality of the component Filesystem Permission. The manipulation leads to access control. This vulnerability is handled as CVE-2019-1601. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability was found in Cisco NX-OS (Router Operating System) (affected version not known). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Filesystem Permission. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

The bug was discovered 03/06/2019. The weakness was disclosed 03/08/2019 as cisco-sa-20190306-nxos-file-ac as confirmed advisory (Website). The advisory is shared at tools.cisco.com. This vulnerability is known as CVE-2019-1601 since 12/06/2018. An attack has to be approached locally. A single authentication is required for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.

The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316425 (Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability(cisco-sa-20190306-nxos-file-access)).

Upgrading eliminates this vulnerability.

The entries VDB-131501, VDB-131500, VDB-131499 and VDB-131498 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• NX-OS

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion