Cisco NX-OS Software
by taranis
Advisory ID: BGD-2019-0009
Version: 1.04
Probability: medium
CVE ID: CVE-2019-1601 (nx-os)
Damage: medium
Publication date: 2019-03-20
Description: A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in
Impact: A remote attacker could exploit this vulnerability to take control of an affected system.
Platform(s) affected:
- Cisco 300 Series Managed Switch Firmware
- Cisco 500 Series Switch Firmware
- Cisco ASA CX Context-Aware Security Software 9.3 BASE
- Cisco ASA with FirePOWER Services
- Cisco Adaptive Security Appliance (ASA) 5500 Content Security and Control Security Services Module (CSC-SSM) Firmware
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco AireOS 7.6 100.0
- Cisco Aironet Access Point Software 8.4(1.82)
- Cisco AsyncOS
Mitigation: Administrators are advised to update the affected systems without delay.
Updates are available. Please see the references or vendor advisory for more information.