Vulnerabilities > CVE-2019-1966 - Unspecified vulnerability in Cisco Nx-Os and Unified Computing System

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

cisco

nessus

NVD

Published: 2019-08-30

Updated: 2020-10-16

Summary

A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco NX OS - Cisco NX OS 1.0\(1.110A\) Cisco NX OS 1.0\(1E\) Cisco NX OS 1.0\(2J\) Cisco NX OS 1.1\(0.825A\) Cisco NX OS 1.1\(1G\) Cisco NX OS 2.3 Cisco NX OS 2.3.1.130 Cisco NX OS 2.4 Cisco NX OS 2.4.1.122 Cisco NX OS 3.1\(1K\)A Cisco NX OS 3.1\(3A\)A Cisco NX OS 4.0	13
Hardware	Cisco Cisco UCS 6248 UP Fabric Interconnect - Cisco UCS 6296 UP Fabric Interconnect - Cisco UCS 6324 Fabric Interconnect - Cisco UCS 6332 16Up Fabric Interconnect - Cisco UCS 6332 Fabric Interconnect - Cisco UCS 6454 Fabric Interconnect -	6
Application	Cisco Cisco Unified Computing System 3.2\(3B\)A Cisco Unified Computing System 4.0\(1A\)A	2

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20190828-UCS-PRIVESCALATION.NASL
description	According to its self-reported version, Cisco NX-OS Software on Cisco Unified Computing System Fabric Interconnects is affected by a vulnerability in a specific CLI command within the local management (local-mgmt) context due to extraneous subcommand options. An authenticated, local attacker can exploit this, by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input, in order to gain elevated privileges as the root user on an affected device. The attacker would need to have valid user credentials for the device. Please see the included Cisco BID and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-22
modified	2020-04-16
plugin id	135674
published	2020-04-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135674
title	Cisco Unified Computing System Fabric Interconnect Root Privilege Escalation (cisco-sa-20190828-ucs-privescalation)
code	#TRUSTED a361b9e157fffbf7e9e521291153111a11c4ea6a4a29f3f46158e65eb701b6ec2ab1ab8bfe696fdc033cb8188030a4c5a8d05a817abf71e61f2a2775d744f0eb983b1e644a5728d528907d5c2dfc71aba4354ab81ae40fe94497a74d5e09e87b9ea912b935eb0e87c394684dcc03a4e612ad13c74ad83a8afd6a364a56d960789f81939afec71601638f031da5901ebfd68dc2e4a765dda619e152da396a87cd3f271b33962e14524bd1544a141874e6b3e43e7c2b6341fe01b8ab36856a02035a94a8e59e5c1ec3f09e5195168c6af6d19bdcfb91f10b6ed1bdf0978e9514ab0192578321d222aec547f464e5231886ad1547751011a4edc6b31ff0132d0ece92d1be9f39b5068ea0cf80c98a988ea9535e42ef9ad78aaf7e07fa659eb792b9408f2512523db0de931998b7041f8f55eb65d86b676a42b01905e7f9fb0cda70ce0e179e35ac4102d608409c709d3093287ab15bff3fb1c85c3269030cb244fd7da0b745d1fca4a72d23daf038d23dab98a0fd5bc597d744673c658ba57203adac4412ac39108a7ea05a1fa965952501e7e3ed3d0793e3825286881ce6ef5798ed806ee7afab0d8349c9ca33c6b57062dd1157e901bed83e1c338ff5c80be93515dbc6ecfaa02a1ffd3f7d4949b4357f1179f6b4c98c3ae6db8c5f2bc1e4853721c4415fdab3c3538cb853e1888803133cdb70d2ee69b505a9ad6e0ecbac5dc6 # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(135674); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21"); script_cve_id("CVE-2019-1966"); script_xref(name:"CISCO-BUG-ID", value:"CSCvm77243"); script_xref(name:"CISCO-BUG-ID", value:"CSCvm80093"); script_xref(name:"CISCO-SA", value:"cisco-sa-20190828-ucs-privescalation"); script_name(english:"Cisco Unified Computing System Fabric Interconnect Root Privilege Escalation (cisco-sa-20190828-ucs-privescalation)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, Cisco NX-OS Software on Cisco Unified Computing System Fabric Interconnects is affected by a vulnerability in a specific CLI command within the local management (local-mgmt) context due to extraneous subcommand options. An authenticated, local attacker can exploit this, by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input, in order to gain elevated privileges as the root user on an affected device. The attacker would need to have valid user credentials for the device. Please see the included Cisco BID and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76654610"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm77243"); script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm80093"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvm77243 and CSCvm80093."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1966"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/28"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_nxos_version.nasl"); script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device"); exit(0); } include('audit.inc'); include('cisco_workarounds.inc'); include('ccf.inc'); product_info = cisco::get_product_info(name:'Cisco NX-OS Software'); if ('UCS' >!< product_info.device \|\| product_info.model !~ '^6[234][0-9]{2}') audit(AUDIT_HOST_NOT, 'an affected model'); vuln_ranges = [ {'min_ver' : '0', 'fix_ver' : '3.2(3l)'}, {'min_ver' : '4.0', 'fix_ver' : '4.0(2a)'} ]; reporting = make_array( 'port' , 0, 'severity' , SECURITY_HOLE, 'version' , product_info.version, 'bug_id' , 'CSCvm77243, CSCvm80093' ); cisco::check_and_report( product_info:product_info, reporting:reporting, vuln_ranges:vuln_ranges );

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation