Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-1593— Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability

EPSS 0.15% · P35
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1593

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The vulnerability is due to the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level by executing commands that should be restricted to other roles. For example, a dev-ops user could escalate their privilege level to admin with a successful exploit of this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
权限、特权和访问控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco NX-OS Software 权限许可和访问控制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Nexus 9500 R-Series Line Cards and Fabric Modules等都是美国思科(Cisco)公司的产品。Cisco Nexus 9500 R-Series Line Cards and Fabric Modules是一款9500R系列线卡模块。Cisco Nexus 3000 Series Switches是一款3000系列交换机。Cisco Nexus 3500 Platform Switches是一款3500系列平台交换机。Cisco NX-OS Soft
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoNexus 3000 Series Switches unspecified ~ 7.0(3)I7(4) -
CiscoNexus 3500 Platform Switches unspecified ~ 7.0(3)I7(4) -
CiscoNexus 3600 Platform Switches unspecified ~ 7.0(3)F3(5) -
CiscoNexus 7000 and 7700 Series Switches unspecified ~ 8.2(3) -
CiscoNexus 9000 Series Fabric Switches in ACI Mode unspecified ~ 13.2(4d) -
CiscoNexus 9000 Series Switches in Standalone NX-OS Mode unspecified ~ 7.0(3)I4(9) -

II. Public POCs for CVE-2019-1593

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-1593

登录查看更多情报信息。

Same Patch Batch · Cisco · 2019-03-06 · 6 CVEs total

CVE-2019-1588Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary
CVE-2019-1591Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Esca
CVE-2019-1594Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service
CVE-2019-1595Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vu
CVE-2019-1585Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege

IV. Related Vulnerabilities

Same product: Nexus 3000 Series Switches
Same vendor: Cisco
Same weakness: CWE-264

V. Comments for CVE-2019-1593

No comments yet

Leave a comment