CVE-2019-1587

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device.

CVSS v3.0 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-filter-query	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nx-os:8.3\(0\)sk\(0.39\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
	cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_9364c:-:::::::*
	cpe:2.3:h:cisco:nexus_9372px:-:::::::*
	cpe:2.3:h:cisco:nexus_9372px-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9372tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_9000:-:::::::*
	cpe:2.3:h:cisco:nexus_9396px:-:::::::*
	cpe:2.3:h:cisco:nexus_9332pq:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_93128tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9272q:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_9236c:-:::::::*
	cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9332c:-:::::::*
	cpe:2.3:h:cisco:nexus_9336pq:-:::::::*

Information

Published : 2019-05-03 08:29

Updated : 2020-10-13 13:04

NVD link : CVE-2019-1587

Mitre link : CVE-2019-1587

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

cisco

nexus_9372tx-e
nexus_9236c
nexus_9372px
nexus_93108tc-ex
nexus_9336c-fx2
nexus_93240yc-fx2
nexus_93108tc-fx
nexus_9000
nexus_93120tx
nexus_9372px-e
nexus_93180lc-ex
nexus_93180yc-ex
nexus_92160yc-x
nexus_9364c
nexus_9336pq
nexus_92300yc
nexus_9272q
nexus_93128tx
nexus_9372tx
nexus_93180yc-fx
nexus_9332c
nx-os
nexus_9332pq
nexus_9396px
nexus_92304qc
nexus_9348gc-fxp
nexus_9508
nexus_9396tx

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-1587

4.3^/10

4.0^/10

Attach tags to `CVE-2019-1587`