Executive Summary

Informations
NameCVE-2019-1809First vendor Publication2019-05-15
VendorCveLast vendor Modification2019-05-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score4.6Attack RangeLocal
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1809

CWE : Common Weakness Enumeration

%idName
100 %CWE-347Improper Verification of Cryptographic Signature

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Os19

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/108375
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-05-20 21:19:24
  • Multiple Updates
2019-05-18 00:19:33
  • Multiple Updates
2019-05-16 05:18:50
  • First insertion