Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)
Description
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco NX-OS Software CLI command injection in MDS 9000 and Nexus 7000/7700 Series Switches allows authenticated administrators to execute arbitrary OS commands with elevated privileges.
Vulnerability
A command injection vulnerability exists in the CLI of Cisco NX-OS Software, affecting MDS 9000 Series Multilayer Switches prior to versions 6.2(27), 8.1(1b), and 8.3(1), and Nexus 7000 and 7700 Series Switches prior to versions 6.2(22), 7.3(3)D1(1), and 8.2(3) [1]. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands [1]. An attacker must have valid administrator credentials to reach the affected code path [1].
Exploitation
An authenticated, local attacker with administrator privileges can exploit the vulnerability by providing malicious input as the argument of an affected CLI command [1]. No user interaction beyond the attacker's own actions is required. The attacker must be able to access the device CLI, which is typical for an already-authenticated administrator [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with elevated privileges, enabling complete compromise of the device's confidentiality, integrity, and availability [1]. The attacker gains full control over the affected switch [1].
Mitigation
Cisco has released free software updates to address this vulnerability [1]. The fixed versions are 6.2(27), 8.1(1b), and 8.3(1) for MDS 9000 Series, and 6.2(22), 7.3(3)D1(1), and 8.2(3) for Nexus 7000 and 7700 Series [1]. Customers should upgrade to a fixed release. No workarounds are mentioned in the available reference [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: MDS 9000: <6.2(27), <8.1(1b), <8.3(1); Nexus 7000/7700: <6.2(22), <7.3(3)D1(1), <8.2(3)
- Range: unspecified
- Range: unspecified
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608 (mitre, vendor-advisory, x_refsource_CISCO)
- www.securityfocus.com/bid/107386 (mitre, vdb-entry, x_refsource_BID)