Unrated severityNVD Advisory· Published Mar 7, 2019· Updated Nov 20, 2024

Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

CVE-2019-1600

Description

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Affected products

Cisco Systems, Inc./Firepower 4100 Series Next-Generation Firewall (NGFW)cpe-rescue2 versions
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
Cisco/MDS 9000 Series Multilayer Switchesv5
Range: unspecified
Cisco/Nexus 2000, 5500, 5600, and 6000 Series Switchesv5
Range: unspecified
Cisco Systems, Inc./Nx Os For Nexus 7700 Series Switchescpe-rescue2 versions
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
Cisco Systems, Inc./Nx Os For Nexus 5500 Platform Switchescpe-rescue
Range: unspecified
Cisco Systems, Inc./Nx Os For Nexus 5600 Platform Switchescpe-rescue
Range: unspecified
Cisco Systems, Inc./Nexus Series Switchescpe-rescue
Range: unspecified
Cisco/Nexus 9500 R-Series Line Cards and Fabric Modulesv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directorymitrevendor-advisoryx_refsource_CISCO
www.securityfocus.com/bid/107399mitrevdb-entryx_refsource_BID
www.securityfocus.com/bid/107404mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000