Vulnerabilities > CVE-2019-1734 - Unspecified vulnerability in Cisco Firepower Extensible Operating System and Nx-Os

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
cisco
nessus
NVD
Published: 2019-11-05
Updated: 2023-04-20

Summary

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Cisco
596
Hardware
Cisco
92

Nessus

  • NASL familyCISCO
    NASL idCISCO-SA-20190515-NXOS-INFO.NASL
    descriptionAccording to its self-reported version, Cisco Nexus Operating System (NX-OS) is affected by following vulnerability - A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX- OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks.The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. (CVE-2019-1734) Please see the included Cisco BIDs and Cisco Security Advisory for more information
    last seen2020-05-15
    modified2020-05-12
    plugin id136482
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136482
    titleCisco NX-OS Software Sensitive File Read Information Disclosure Vulnerability (cisco-sa-20190515-nxos-fxos-info)
    code
    #TRUSTED a8bdebea2da65852a0598c0ae128f74301f960cd21126b066f87c23f68c9583f401a48bfeaaf6d763b80b425d61142058278cd6a63ea4988ea1c09a9ff2fe5e0e89cdc32ecaf204940761fe3103d10c30cadb9003eff0da2a58feacbd708b05a1dab4b1c94c37170d05248802f9a004cf3c7a278029517f03e49abba1ff6891b2ac374cb3b644e5bd60bacf6c160070b648b2755967ca4e0084781f953fbd9cfb03e553e7b8856f89d009c246a35388523395e4fecfd14a1979beb6d7758bea3079cdc82ff1f046c86a17639a7379a5694e062dcf72effbebfa635eeac91a3435c7a98f04d7e8a4c53b644f15c8abf4416f8b97ae46a22d8f69f4b089f3e288369c38579ba8832aeb2598996f80e051e72c070194ccbb92eb6ee64d10b8c009dee4fa7a1b9060f08adb554487572a8605766783b812d920ce1b1071432ea80717b3e5e736039f6b8e753eadadfd35c174446a2ad251a312713eebefd9b3fb001a47857c1e5a8257d0499c3ac2896705590d6723fe3a72268e7779a9c6a4a8a8860468181694a585b540c0775affdbf8a5243865329d13b49b03e320944d60cd743d39fb2c67fb9631e5be3ef566e4a0041f5ba37935d42125654260743bb0e2c6a5ff166426952e07edeb00533854e59496dfbb878a0503a48617f5f1118cc3f8d1a0b1cdff823d4f919ea03b0c2402baa9f9b1ad99b154b8fdc68fee67ccef3
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136482);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13");

  script_cve_id("CVE-2019-1734");
  script_bugtraq_id(108381);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvj59436");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvj50808");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvj50810");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvj50814");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvj50816");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvj50836");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190515-nxos-fxos-info");
  script_xref(name:"IAVA", value:"2019-A-0173");

  script_name(english:"Cisco NX-OS Software Sensitive File Read Information Disclosure Vulnerability (cisco-sa-20190515-nxos-fxos-info)");
  script_summary(english:"Checks the version of Cisco Nexus Operating System (NX-OS)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Nexus
Operating System (NX-OS) is affected by following vulnerability

  - A vulnerability in the implementation of a CLI
    diagnostic command in Cisco FXOS Software and Cisco NX-
    OS Software could allow an authenticated, local attacker
    to view sensitive system files that should be
    restricted. The attacker could use this information to
    conduct additional reconnaissance attacks.The
    vulnerability is due to incomplete role-based access
    control (RBAC) verification. An attacker could exploit
    this vulnerability by authenticating to the device and
    issuing a specific CLI diagnostic command with crafted
    user-input parameters. An exploit could allow the
    attacker to perform an arbitrary read of a file on the
    device, and the file may contain sensitive information.
    The attacker needs valid device credentials to exploit
    this vulnerability. (CVE-2019-1734)

Please see the included Cisco BIDs and Cisco Security Advisory for
more information");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?92f90474");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj59436");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50808");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50810");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50814");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50816");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj50836");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in the appropriate Cisco bug ID:
  - CSCvj59436
  - CSCvj50808
  - CSCvj50810
  - CSCvj50814
  - CSCvj50816
  - CSCvj50836");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1734");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:firepower_extensible_operating_system_(fxos)");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_nxos_version.nasl");
  script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:"Cisco NX-OS Software");

cbi = '';
if('MDS' >< product_info.device && product_info.model =~ '^9[0-9][0-9][0-9]')
  cbi = 'CSCvk50808';
else if ('UCS' >< product_info.device && product_info.model =~ '^6[23][0-9][0-9]')
  cbi = 'CSCvk50814';
else if('Nexus' >< product_info.device)
{
  if(product_info.model =~ '^(30[0-9][0-9]|90[0-9][0-9])')
    cbi = 'CSCvj59436';
  else if(product_info.model =~ '^(35[0-9][0-9])')
    cbi = 'CSCvj50810';
  else if (product_info.model =~ '^(5[56]|60)[0-9][0-9]')
    cbi = 'CSCvj59436';
  else if (product_info.model =~ '^7[07][0-9][0-9]')
    cbi = 'CSCvk50808';
  else if (product_info.model =~ '^(36)[0-9][0-9]')
    cbi = 'CSCvj50838';
  else audit(AUDIT_HOST_NOT, 'affected');
}

else audit(AUDIT_HOST_NOT, 'affected');

version_list=make_list(
  '6.0(1)',
  '6.0(2)',
  '6.0(3)',
  '6.0(4)',
  '6.0(2)A1(1)',
  '6.0(2)A1(1a)',
  '6.0(2)A1(1b)',
  '6.0(2)A1(1c)',
  '6.0(2)A1(1d)',
  '6.0(2)A1(1e)',
  '6.0(2)A1(1f)',
  '6.0(2)A1(2d)',
  '6.0(2)A3(1)',
  '6.0(2)A3(2)',
  '6.0(2)A3(4)',
  '6.0(2)A4(1)',
  '6.0(2)A4(2)',
  '6.0(2)A4(3)',
  '6.0(2)A4(4)',
  '6.0(2)A4(5)',
  '6.0(2)A4(6)',
  '6.0(2)A6(1)',
  '6.0(2)A6(1a)',
  '6.0(2)A6(2)',
  '6.0(2)A6(2a)',
  '6.0(2)A6(3)',
  '6.0(2)A6(3a)',
  '6.0(2)A6(4)',
  '6.0(2)A6(4a)',
  '6.0(2)A6(5)',
  '6.0(2)A6(5a)',
  '6.0(2)A6(5b)',
  '6.0(2)A6(6)',
  '6.0(2)A6(7)',
  '6.0(2)A6(8)',
  '6.0(2)A7(1)',
  '6.0(2)A7(1a)',
  '6.0(2)A7(2)',
  '6.0(2)A7(2a)',
  '6.0(2)A8(1)',
  '6.0(2)A8(2)',
  '6.0(2)A8(3)',
  '6.0(2)A8(4)',
  '6.0(2)A8(4a)',
  '6.0(2)A8(5)',
  '6.0(2)A8(6)',
  '6.0(2)A8(7)',
  '6.0(2)A8(7a)',
  '6.0(2)A8(7b)',
  '6.0(2)A8(8)',
  '6.0(2)A8(9)',
  '6.0(2)A8(10a)',
  '6.0(2)A8(10)',
  '6.2(2)',
  '6.2(2a)',
  '6.2(6)',
  '6.2(6b)',
  '6.2(8)',
  '6.2(8a)',
  '6.2(8b)',
  '6.2(10)',
  '6.2(12)',
  '6.2(18)',
  '6.2(16)',
  '6.2(14b)',
  '6.2(14)',
  '6.2(14a)',
  '6.2(6a)',
  '6.2(20)',
  '6.2(1)',
  '6.2(3)',
  '6.2(5)',
  '6.2(5a)',
  '6.2(5b)',
  '6.2(7)',
  '6.2(9)',
  '6.2(9a)',
  '6.2(9b)',
  '6.2(9c)',
  '6.2(11)',
  '6.2(11b)',
  '6.2(11c)',
  '6.2(11d)',
  '6.2(11e)',
  '6.2(13)',
  '6.2(13a)',
  '6.2(13b)',
  '6.2(15)',
  '6.2(17)',
  '6.2(19)',
  '6.2(21)',
  '6.2(23)',
  '6.2(20a)',
  '6.2(25)',
  '7.0(3)',
  '7.0(0)N1(1)',
  '7.0(1)N1(1)',
  '7.0(1)N1(3)',
  '7.0(2)I2(2c)',
  '7.0(2)N1(1)',
  '7.0(2)N1(1a)',
  '7.0(3)F1(1)',
  '7.0(3)F2(1)',
  '7.0(3)F2(2)',
  '7.0(3)F3(1)',
  '7.0(3)F3(2)',
  '7.0(3)F3(3)',
  '7.0(3)F3(3a)',
  '7.0(3)F3(4)',
  '7.0(3)F3(3c)',
  '7.0(3)F3(3b)',
  '7.0(3)F3(5)',
  '7.0(3)I1(1)',
  '7.0(3)I1(1a)',
  '7.0(3)I1(1b)',
  '7.0(3)I1(2)',
  '7.0(3)I1(3)',
  '7.0(3)I1(3a)',
  '7.0(3)I1(3b)',
  '7.0(3)I2(2a)',
  '7.0(3)I2(2b)',
  '7.0(3)I2(2c)',
  '7.0(3)I2(2d)',
  '7.0(3)I2(2e)',
  '7.0(3)I2(3)',
  '7.0(3)I2(4)',
  '7.0(3)I2(5)',
  '7.0(3)I2(1)',
  '7.0(3)I2(1a)',
  '7.0(3)I2(2)',
  '7.0(3)I3(1)',
  '7.0(3)I4(1)',
  '7.0(3)I4(2)',
  '7.0(3)I4(3)',
  '7.0(3)I4(4)',
  '7.0(3)I4(5)',
  '7.0(3)I4(6)',
  '7.0(3)I4(7)',
  '7.0(3)I4(8)',
  '7.0(3)I4(8a)',
  '7.0(3)I4(8b)',
  '7.0(3)I4(8z)',
  '7.0(3)I7(5a)',
  '7.0(3)I5(1)',
  '7.0(3)I5(2)',
  '7.0(3)I6(1)',
  '7.0(3)I6(2)',
  '7.0(3)I7(2)',
  '7.0(3)I7(5a)',
  '7.3(0.2)',
  '7.3(0)D1(1)',
  '7.3(0)DX(1)',
  '7.3(0)DY(1)',
  '7.3(0)N1(1)',
  '7.3(0)N1(1b)',
  '7.3(0)N1(1a)',
  '7.3(1)D1(1B)',
  '7.3(1)D1(1)',
  '7.3(1)DY(1)',
  '7.3(1)N1(0.1)',
  '7.3(1)N1(1)',
  '7.3(2)D1(1A)',
  '7.3(2)D1(1)',
  '7.3(2)D1(2)',
  '7.3(2)D1(3)',
  '7.3(2)D1(3a)',
  '7.3(2)N1(0.296)',
  '7.3(2)N1(1)',
  '7.3(3)N1(1)',
  '8.3(1)'
);

reporting = make_array(
    'port'     , 0,
    'severity' , SECURITY_NOTE,
    'version'  , product_info['version'],
    'bug_id'   , cbi,
    'disable_caveat', TRUE
);


cisco::check_and_report(
    product_info:product_info, 
    reporting:reporting, 
    vuln_versions:version_list
);
  • NASL familyCISCO
    NASL idCISCO-SA-20190515-FXOS-INFO.NASL
    descriptionAccording to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by following vulnerability - A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX- OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks.The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. (CVE-2019-1734) Please see the included Cisco BIDs and Cisco Security Advisory for more information
    last seen2020-05-15
    modified2020-05-12
    plugin id136481
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136481
    titleCisco NX-OS Software Sensitive File Read Information Disclosure Vulnerability (cisco-sa-20190515-nxos-fxos-info)

References