CVE-2019-1591
Description
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d).
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 11.0 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 11.1 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 11.2 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 11.3 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 12.0 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 12.1 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 12.2 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 12.3 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 13.0 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 13.1 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 13.2 | NCM |
| Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability For Cisco NX-OS System Software in ACI Mode 14.0 | NCM |
| Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2019-1591) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706157 | Security Update for Cisco NX-OS System Software in ACI Mode 11.0 9.2(1) |
| PATCH-1706159 | Security Update for Cisco NX-OS System Software in ACI Mode 11.1 9.2(1) |
| PATCH-1706161 | Security Update for Cisco NX-OS System Software in ACI Mode 11.2 9.2(1) |
| PATCH-1706163 | Security Update for Cisco NX-OS System Software in ACI Mode 11.3 9.2(1) |
| PATCH-1706165 | Security Update for Cisco NX-OS System Software in ACI Mode 12.0 9.2(1) |
| PATCH-1706167 | Security Update for Cisco NX-OS System Software in ACI Mode 12.1 9.2(1) |
| PATCH-1706169 | Security Update for Cisco NX-OS System Software in ACI Mode 12.2 9.2(1) |
| PATCH-1706171 | Security Update for Cisco NX-OS System Software in ACI Mode 12.3 9.2(1) |
| PATCH-1706173 | Security Update for Cisco NX-OS System Software in ACI Mode 13.0 9.2(1) |
| PATCH-1706175 | Security Update for Cisco NX-OS System Software in ACI Mode 13.1 9.2(1) |
| PATCH-1706176 | Security Update for Cisco NX-OS System Software in ACI Mode 13.2 4.0(1a) |
| PATCH-1703867 | Security Update for Cisco NX-OS System Software in ACI Mode 14.0 14.1(1i) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234