admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'Cisco_CVE-2019-1600' of https://github.com/CiscoPSIRT/cvelist into CiscoPSIRT-Cisco_CVE-2019-1600

Browse Source
This commit is contained in:
CVE Team 2019-03-07 14:37:10 -05:00
commit 8c577e2a28
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 229 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

245
2019/1xxx/CVE-2019-1600.json
View File

@ -1,18 +1,231 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1600",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1600",
"STATE": "PUBLIC",
"TITLE": "Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firepower 4100 Series Next-Generation Firewalls",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.2.2.91"
},
{
"affected": "<",
"version_value": "2.3.1.110"
}
]
}
},
{
"product_name": "Firepower 9300 Series Next-Generation Firewalls",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.2.2.91"
},
{
"affected": "<",
"version_value": "2.3.1.110"
}
]
}
},
{
"product_name": "MDS 9000 Series Multilayer Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(25)"
},
{
"affected": "<",
"version_value": "8.1(1b)"
},
{
"affected": "<",
"version_value": "8.3(1)"
}
]
}
},
{
"product_name": "Nexus 3000 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(9)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(4)"
}
]
}
},
{
"product_name": "Nexus 3500 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.0(2)A8(10)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(4)"
}
]
}
},
{
"product_name": "Nexus 3600 Platform Switches ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
},
{
"product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.1(5)N1(1b)"
},
{
"affected": "<",
"version_value": "7.3(3)N1(1)"
}
]
}
},
{
"product_name": "Nexus 7000 and 7700 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(22)"
},
{
"affected": "<",
"version_value": "7.3(3)D1(1)"
},
{
"affected": "<",
"version_value": "8.2(3)"
}
]
}
},
{
"product_name": "Nexus 9000 Series Switches-Standalone",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(9)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(4)"
}
]
}
},
{
"product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nxos-directory",
"defect": [
[
"CSCvh75886",
"CSCvh75949",
"CSCvi96549",
"CSCvi96551",
"CSCvi96554",
"CSCvi96559"
]
],
"discovery": "INTERNAL"
}
}