{"containers": {"cna": {"affected": [{"product": "Cisco NX-OS Software", "vendor": "Cisco", "versions": [{"lessThan": "8.3(1)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-05-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-23T08:06:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"}, {"name": "108425", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108425"}], "source": {"advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [["CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256"]], "discovery": "INTERNAL"}, "title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700", "ID": "CVE-2019-1811", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco NX-OS Software", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "8.3(1)"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "impact": {"cvss": {"baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347"}]}]}, "references": {"reference_data": [{"name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"}, {"name": "108425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108425"}]}, "source": {"advisory": "cisco-sa-20190515-nxos-sisv2", "defect": [["CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:28:42.875Z"}, "title": "CVE Program Container", "references": [{"name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"}, {"name": "108425", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108425"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T16:54:25.912653Z", "id": "CVE-2019-1811", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T17:18:58.154Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1811", "datePublished": "2019-05-15T22:20:32.758Z", "dateReserved": "2018-12-06T00:00:00.000Z", "dateUpdated": "2024-11-20T17:18:58.154Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2", "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/108425", "name": "108425", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:28:42.875Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-1811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-20T16:54:25.912653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T16:55:20.067Z"}}], "cna": {"title": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "source": {"defect": [["CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256"]], "advisory": "cisco-sa-20190515-nxos-sisv2", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco NX-OS Software", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.3(1)", "versionType": "custom"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "datePublic": "2019-05-15T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2", "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://www.securityfocus.com/bid/108425", "name": "108425", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2019-05-23T08:06:01.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "6.7", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, "source": {"defect": [["CSCvj14093", "CSCvj14106", "CSCvj14182", "CSCvk53125", "CSCvk53227", "CSCvk53256"]], "advisory": "cisco-sa-20190515-nxos-sisv2", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"affected": "<", "version_value": "8.3(1)", "version_affected": "<"}]}, "product_name": "Cisco NX-OS Software"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2", "name": "20190515 Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/108425", "name": "108425", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-1811", "STATE": "PUBLIC", "TITLE": "Cisco NX-OS CLI Command Software Image Signature Verification Vulnerabilities", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-05-15T16:00:00-0700"}}}}, "cveMetadata": {"cveId": "CVE-2019-1811", "state": "PUBLISHED", "dateUpdated": "2024-11-20T17:18:58.154Z", "dateReserved": "2018-12-06T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2019-05-15T22:20:32.758Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EBDB710-2B63-4219-8B3D-A930008C0122", "versionEndExcluding": "7.0\\(3\\)i7\\(5\\)", "versionStartIncluding": "6.0\\(2\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F38F5064-F7E2-4B6F-BB50-32DBC205E164", "versionEndExcluding": "9.2\\(2\\)", "versionStartIncluding": "9.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", "matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "E142C18F-9FB5-4D96-866A-141D7D16CAF7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EFC116A-627F-4E05-B631-651D161217C8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", "matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", "matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "E505C0B1-2119-4C6A-BF96-C282C633D169", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "915EF8F6-6039-4DD0-B875-30D911752B74", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "96BFEE5D-EF9F-4C21-BC51-FBA71029A6A7", "versionEndExcluding": "7.0\\(3\\)f3\\(5\\)", "versionStartIncluding": "7.0\\(3\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F38F5064-F7E2-4B6F-BB50-32DBC205E164", "versionEndExcluding": "9.2\\(2\\)", "versionStartIncluding": "9.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:n9k-c9504-fm-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "91595E9E-BF7A-4438-9D25-05AB29DD16ED", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-c9508-fm-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "4818B000-7022-445A-8B0F-6B2E937AAEA3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "13870733-AF0E-4453-AA0D-4A624F5AF2DD", "versionEndExcluding": "7.0\\(3\\)i7\\(5\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F38F5064-F7E2-4B6F-BB50-32DBC205E164", "versionEndExcluding": "9.2\\(2\\)", "versionStartIncluding": "9.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E88418C-0BC4-4D90-A14D-0B89F8399AA5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AB93AD1-B5DD-4A69-B1A3-3F163BD2D8BA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F88FB2-1A75-4166-A4F5-039D67EAA1D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*", "matchCriteriaId": "A01B0559-5632-4658-AA3A-221DD28D963F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "082A5A44-DC9A-4B48-8F28-1D0EC7F82410", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*", "matchCriteriaId": "19BCB669-5CC8-4C67-B34C-3F5ADDD4C232", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5E693D2-F1D5-4D22-885B-AE853221ABA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*", "matchCriteriaId": "C63F63AD-94EC-4A6D-92AF-7FBF6275746A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "490EAB88-A0F3-4A88-9A81-B414CE78B34B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A9CE53D-E8B7-46CD-9B8B-C746A2524BA8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6782DA1-5568-410D-86E6-2C2B909693DD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "04A26215-DEB3-4337-AFE0-5E23C760060D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F7177-147E-47C0-ADFB-4CD0768D52CD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*", "matchCriteriaId": "06A72F9F-773A-463D-8BEB-6B316DF21CFD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FC94E7D-84AF-4D2A-85A7-264CED2D107B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC0082AD-1EFB-4AFE-9974-EAAB926553F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BFAAE41-AD17-4F69-9029-8DD90D824E6F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*", "matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", "matchCriteriaId": "102F91CD-DFB6-43D4-AE5B-DA157A696230", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", "matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", "matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CF467E2-4567-426E-8F48-39669E0F514C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", "matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*", "matchCriteriaId": "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB270C45-756E-400A-979F-D07D750C881A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8A085C-2DBA-4269-AB01-B16019FBB4DA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "A79DD582-AF68-44F1-B640-766B46EF2BE2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", "matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "90F30A43-9E4F-4A03-8060-A38B0925DBD2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n Image Signature Verification del programa Cisco NX-OS podr\u00eda permitir que un atacante local autenticado con credenciales de administrador para instalar una imagen de programa malintencionado en un dispositivo afectado. La vulnerabilidad se debe a que las firmas digitales del programa no se verifican correctamente durante la ejecuci\u00f3n del comando CLI. Un atacante podr\u00eda aprovechar esta vulnerabilidad para instalar una imagen de programa sin firmar en un dispositivo afectado."}], "id": "CVE-2019-1811", "lastModified": "2024-11-21T04:37:25.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-15T23:29:01.230", "references": [{"source": "ykramarz@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108425"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv2"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}