Cisco NX-OS prior 7.0(3)I4(9) CLI os command injection

Summaryinfo

A vulnerability was found in Cisco NX-OS. It has been classified as critical. This vulnerability affects unknown code of the component CLI. This manipulation causes os command injection. This vulnerability appears as CVE-2019-1612. The attack requires local access. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability classified as critical was found in Cisco NX-OS (Router Operating System). Affected by this vulnerability is an unknown code block of the component CLI. The manipulation with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5).

The bug was discovered 03/06/2019. The weakness was presented 03/11/2019 as cisco-sa-20190306-nxos-cmdinj- as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. This vulnerability is known as CVE-2019-1612 since 12/06/2018. Attacking locally is a requirement. The requirement for exploitation is a single authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1202 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 5 days. During that time the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316417 (Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)(cisco-sa-20190306-nxos-cmdinj-1612)).

Upgrading to version 7.0(3)I4(9) eliminates this vulnerability.

See VDB-131502, VDB-131503, VDB-131504 and VDB-131505 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• NX-OS

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion