Cisco NX-OS CLI command injection

Summaryinfo

A vulnerability was found in Cisco NX-OS. It has been rated as critical. Affected is an unknown function of the component CLI. This manipulation causes command injection. The identification of this vulnerability is CVE-2019-1767. The attack can only be executed locally. There is no exploit available.

Detailsinfo

A vulnerability was found in Cisco NX-OS (Router Operating System) (version unknown). It has been declared as critical. Affected by this vulnerability is an unknown function of the component CLI. The manipulation with an unknown input leads to a command injection vulnerability. The CWE definition for the vulnerability is CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Multiple vulnerabilities in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerabilities are due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit these vulnerabilities by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities.

The bug was discovered 05/15/2019. The weakness was shared 05/15/2019 with Cisco as cisco-sa-20190515-nxos-overflo as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. This vulnerability is known as CVE-2019-1767 since 12/06/2018. Attacking locally is a requirement. The successful exploitation requires a single authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 09/19/2023). The attack technique deployed by this issue is T1202 according to MITRE ATT&CK.

The commercial vulnerability scanner Qualys is able to test this issue with plugin 316467 (Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerabilities(cisco-sa-20190515-nxos-overflow-inj)).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 108386†). The entry VDB-135127 is related to this item. Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• NX-OS

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion