admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-01 03:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-03-08 15:04:38 -05:00
parent 6e5450f5d0
commit cd8f93d112
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 686 additions and 662 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/4xxx/CVE-2018-4054.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0728",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0728"
}
]

2
2018/4xxx/CVE-2018-4055.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729"
}
]

346
2019/1xxx/CVE-2019-1605.json
View File

@ -1,176 +1,176 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1605",
"STATE": "PUBLIC",
"TITLE": "Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS 9000 Series Multilayer Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "8.1(1)"
}
]
}
},
{
"product_name": "Nexus 3000 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(8)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(1)"
}
]
}
},
{
"product_name": "Nexus 3500 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.0(2)A8(8)"
}
]
}
},
{
"product_name": "Nexus 3600 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
},
{
"product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.3(2)N1(1)"
}
]
}
},
{
"product_name": "Nexus 7000 and 7700 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.3(3)D1(1)"
}
]
}
},
{
"product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(8)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(1)"
}
]
}
},
{
"product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1605",
"STATE" : "PUBLIC",
"TITLE" : "Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MDS 9000 Series Multilayer Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "8.1(1)"
}
]
}
},
{
"product_name" : "Nexus 3000 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I4(8)"
},
{
"affected" : "<",
"version_value" : "7.0(3)I7(1)"
}
]
}
},
{
"product_name" : "Nexus 3500 Platform Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.0(2)A8(8)"
}
]
}
},
{
"product_name" : "Nexus 3600 Platform Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)F3(5)"
}
]
}
},
{
"product_name" : "Nexus 2000, 5500, 5600, and 6000 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.3(2)N1(1)"
}
]
}
},
{
"product_name" : "Nexus 7000 and 7700 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.3(3)D1(1)"
}
]
}
},
{
"product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I4(8)"
},
{
"affected" : "<",
"version_value" : "7.0(3)I7(1)"
}
]
}
},
{
"product_name" : "Nexus 9500 R-Series Line Cards and Fabric Modules",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)F3(5)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note: The NX-API feature is disabled by default. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.1(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(8). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(2)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 7.3(3)D1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.8",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note: The NX-API feature is disabled by default. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.1(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(8). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(2)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 7.3(3)D1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190306 Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-ex"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nx-os-api-ex",
"defect": [
[
"CSCvh77526",
"CSCvi99224",
"CSCvi99225",
"CSCvi99227",
"CSCvi99228"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-ex"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-nx-os-api-ex",
"defect" : [
[
"CSCvh77526",
"CSCvi99224",
"CSCvi99225",
"CSCvi99227",
"CSCvi99228"
]
],
"discovery" : "INTERNAL"
}
}

212
2019/1xxx/CVE-2019-1606.json
View File

@ -1,109 +1,109 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1606",
"STATE": "PUBLIC",
"TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I7(4)"
}
]
}
},
{
"product_name": "Nexus 3000 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I7(4)"
}
]
}
},
{
"product_name": "Nexus 3500 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I7(4)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1606",
"STATE" : "PUBLIC",
"TITLE" : "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I7(4)"
}
]
}
},
{
"product_name" : "Nexus 3000 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I7(4)"
}
]
}
},
{
"product_name" : "Nexus 3500 Platform Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I7(4)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability. Nexus 3000, 3500, and Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "5.3",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability. Nexus 3000, 3500, and Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nxos-cmdinj-1606",
"defect": [
[
"CSCvh85760"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-nxos-cmdinj-1606",
"defect" : [
[
"CSCvh85760"
]
],
"discovery" : "INTERNAL"
}
}

184
2019/1xxx/CVE-2019-1607.json
View File

@ -1,95 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1607",
"STATE": "PUBLIC",
"TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexus 7000 and 7700 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(22)"
},
{
"affected": "<",
"version_value": "7.3(3)D1(1)"
},
{
"affected": "<",
"version_value": "8.2(3)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1607",
"STATE" : "PUBLIC",
"TITLE" : "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nexus 7000 and 7700 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.2(22)"
},
{
"affected" : "<",
"version_value" : "7.3(3)D1(1)"
},
{
"affected" : "<",
"version_value" : "8.2(3)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.2",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.2",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nxos-cmdinj-1607",
"defect": [
[
"CSCvi01416"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-nxos-cmdinj-1607",
"defect" : [
[
"CSCvi01416"
]
],
"discovery" : "INTERNAL"
}
}

222
2019/1xxx/CVE-2019-1608.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1608",
"STATE": "PUBLIC",
"TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS 9000 Series Multilayer Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(27)"
},
{
"affected": "<",
"version_value": "8.1(1b)"
},
{
"affected": "<",
"version_value": "8.3(1)"
}
]
}
},
{
"product_name": "Nexus 7000 and 7700 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(22)"
},
{
"affected": "<",
"version_value": "7.3(3)D1(1)"
},
{
"affected": "<",
"version_value": "8.2(3)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1608",
"STATE" : "PUBLIC",
"TITLE" : "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MDS 9000 Series Multilayer Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.2(27)"
},
{
"affected" : "<",
"version_value" : "8.1(1b)"
},
{
"affected" : "<",
"version_value" : "8.3(1)"
}
]
}
},
{
"product_name" : "Nexus 7000 and 7700 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.2(22)"
},
{
"affected" : "<",
"version_value" : "7.3(3)D1(1)"
},
{
"affected" : "<",
"version_value" : "8.2(3)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.2",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.2",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nxos-cmdinj-1608",
"defect": [
[
"CSCvi01422"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-nxos-cmdinj-1608",
"defect" : [
[
"CSCvi01422"
]
],
"discovery" : "INTERNAL"
}
}

360
2019/1xxx/CVE-2019-1609.json
View File

@ -1,183 +1,183 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1609",
"STATE": "PUBLIC",
"TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS 9000 Series Multilayer Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(27)"
},
{
"affected": "<",
"version_value": "8.1(1b)"
},
{
"affected": "<",
"version_value": "8.3(2)"
}
]
}
},
{
"product_name": "Nexus 3500 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I7(6)"
}
]
}
},
{
"product_name": "Nexus 3000 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(9)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(6)"
}
]
}
},
{
"product_name": "Nexus 3600 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
},
{
"product_name": "Nexus 7000 and 7700 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(22)"
},
{
"affected": "<",
"version_value": "7.3(3)D1(1)"
},
{
"affected": "<",
"version_value": "8.2(3)"
},
{
"affected": "<",
"version_value": "8.3(2)"
}
]
}
},
{
"product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(9)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(6)"
}
]
}
},
{
"product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1609",
"STATE" : "PUBLIC",
"TITLE" : "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MDS 9000 Series Multilayer Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.2(27)"
},
{
"affected" : "<",
"version_value" : "8.1(1b)"
},
{
"affected" : "<",
"version_value" : "8.3(2)"
}
]
}
},
{
"product_name" : "Nexus 3500 Platform Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I7(6)"
}
]
}
},
{
"product_name" : "Nexus 3000 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I4(9)"
},
{
"affected" : "<",
"version_value" : "7.0(3)I7(6)"
}
]
}
},
{
"product_name" : "Nexus 3600 Platform Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)F3(5)"
}
]
}
},
{
"product_name" : "Nexus 7000 and 7700 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.2(22)"
},
{
"affected" : "<",
"version_value" : "7.3(3)D1(1)"
},
{
"affected" : "<",
"version_value" : "8.2(3)"
},
{
"affected" : "<",
"version_value" : "8.3(2)"
}
]
}
},
{
"product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I4(9)"
},
{
"affected" : "<",
"version_value" : "7.0(3)I7(6)"
}
]
}
},
{
"product_name" : "Nexus 9500 R-Series Line Cards and Fabric Modules",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)F3(5)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.2",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.2",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nxos-cmdinj-1609",
"defect": [
[
"CSCvj63253",
"CSCvk51387",
"CSCvk51388"
]
],
"discovery": "INTERNAL"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-nxos-cmdinj-1609",
"defect" : [
[
"CSCvj63253",
"CSCvk51387",
"CSCvk51388"
]
],
"discovery" : "INTERNAL"
}
}

2
2019/5xxx/CVE-2019-5015.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773"
}
]

18
2019/9xxx/CVE-2019-9635.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9635",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}