CVE-2019-1604 (CNNVD-201903-173)
中文标题:
Cisco NX-OS Software 授权问题漏洞
英文标题:
Cisco NX-OS Software Privilege Escalation Vulnerability
漏洞描述
中文描述:
Cisco Nexus 9500 R-Series Line Cards and Fabric Modules等都是美国思科(Cisco)公司的产品。Cisco Nexus 9500 R-Series Line Cards and Fabric Modules是一款9500R系列线卡模块。Cisco Nexus 7000 Series Switches是一款7000系列交换机。Cisco Nexus 7700 Series Switches是一款7700系列交换机。Cisco NX-OS Software是一套交换机使用的数据中心级操作系统软件。 Cisco NX-OS Software中的用户账户管理界面存在安全漏洞,该漏洞源于程序对用户账户和其相关联的Group ID进行授权检查。本地攻击者可利用该漏洞获取提升的权限。以下产品和版本受到影响:Cisco Nexus 7000 Series Switches 6.2(22)之前版本,8.2(3)之前版本,8.3(2)之前版本;Nexus 7700 Series Switches 6.2(22)之前版本,8.2(3)之前版本,8.3(2)之前版本;Nexus 3000 Series Switches 7.0(3)I7(4)之前版本;Nexus 3500 Platform Switches 7.0(3)I7(4)之前版本;Nexus 3600 Platform Switches 7.0(3)F3(5)之前版本;Nexus 9000 Series Switches-Standalone 7.0(3)I7(4)之前版本;Nexus 9500 R-Series Line Cards and Fabric Modules 7.0(3)F3(5)之前版本。
英文描述:
A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID (GID). An attacker could exploit this vulnerability by taking advantage of a logic error that will permit the use of higher privileged commands than what is necessarily assigned. A successful exploit could allow an attacker to execute commands with elevated privileges on the underlying Linux shell of an affected device. Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 8.2(3), and 8.3(2). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Nexus 7000 and 7700 Series Switches | - | < 6.2(22) | - |
cpe:2.3:a:cisco:nexus_7000_and_7700_series_switches:*:*:*:*:*:*:*:*
|
| Cisco | Nexus 3000 Series Switches | - | < 7.0(3)I7(4) | - |
cpe:2.3:a:cisco:nexus_3000_series_switches:*:*:*:*:*:*:*:*
|
| Cisco | Nexus 3500 Platform Switches | - | < 7.0(3)I7(4) | - |
cpe:2.3:a:cisco:nexus_3500_platform_switches:*:*:*:*:*:*:*:*
|
| Cisco | Nexus 3600 Platform Switches | - | < 7.0(3)F3(5) | - |
cpe:2.3:a:cisco:nexus_3600_platform_switches:*:*:*:*:*:*:*:*
|
| Cisco | Nexus 9000 Series Switches-Standalone | - | < 7.0(3)I7(4) | - |
cpe:2.3:a:cisco:nexus_9000_series_switches-standalone:*:*:*:*:*:*:*:*
|
| Cisco | Nexus 9500 R-Series Line Cards and Fabric Modules | - | < 7.0(3)F3(5) | - |
cpe:2.3:a:cisco:nexus_9500_r-series_line_cards_and_fabric_modules:*:*:*:*:*:*:*:*
|
| cisco | nx-os | * | - | - |
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.0 (cna)
HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2019-1604 |
2025-11-11 15:20:08 | 2025-11-11 07:35:36 |
| NVD | nvd_CVE-2019-1604 |
2025-11-11 14:56:20 | 2025-11-11 07:44:08 |
| CNNVD | cnnvd_CNNVD-201903-173 |
2025-11-11 15:10:10 | 2025-11-11 07:54:24 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201903-173
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 8 -> 7
- data_sources: ['cve'] -> ['cve', 'nvd']