Unrated severityNVD Advisory· Published Mar 8, 2019· Updated Nov 21, 2024

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

CVE-2019-1609

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2019-1609 is a CLI command injection in Cisco NX-OS that lets an authenticated local administrator execute arbitrary OS commands with elevated privileges.

Vulnerability

CVE-2019-1609 is a command injection vulnerability in the CLI of Cisco NX-OS Software. The flaw is due to insufficient validation of arguments passed to certain CLI commands. Affected products include MDS 9000 Series Multilayer Switches (prior to versions 6.2(27), 8.1(1b), and 8.3(2)), Nexus 3500 Platform Switches (prior to 7.0(3)I7(6)), Nexus 3000 Series Switches (prior to 7.0(3)I4(9) and 7.0(3)I7(6)), Nexus 3600 Platform Switches (prior to 7.0(3)F3(5)), Nexus 7000 and 7700 Series Switches (prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2)), Nexus 9000 Series Switches in Standalone NX-OS Mode (prior to 7.0(3)I4(9) and 7.0(3)I7(6)), and Nexus 9500 R-Series Line Cards and Fabric Modules (prior to 7.0(3)F3(5)). [1]

Exploitation

An attacker must have valid administrator credentials to exploit this vulnerability. The attacker would include malicious input as the argument of an affected CLI command. By authenticating locally and issuing the crafted command, the attacker triggers the injection. No user interaction beyond the attacker's own authenticated session is required. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system of the device with elevated privileges. This can lead to full compromise of the affected switch, including complete loss of confidentiality, integrity, and availability. [1]

Mitigation

Cisco has released free software updates to address this vulnerability. Fixed versions are: MDS 9000 Series to 6.2(27) or later, 8.1(1b) or later, 8.3(2) or later; Nexus 3500 Platform to 7.0(3)I7(6) or later; Nexus 3000 Series to 7.0(3)I4(9) or later, 7.0(3)I7(6) or later; Nexus 3600 Platform to 7.0(3)F3(5) or later; Nexus 7000 and 7700 Series to 6.2(22) or later, 7.3(3)D1(1) or later, 8.2(3) or later, 8.3(2) or later; Nexus 9000 Series to 7.0(3)I4(9) or later, 7.0(3)I7(6) or later; Nexus 9500 R-Series Line Cards and Fabric Modules to 7.0(3)F3(5) or later. Customers should upgrade to a fixed release as described in the Cisco advisory. There is no workaround available. [1]

References

Cisco Security Advisory: Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Nx Osllm-fuzzy
Cisco Systems, Inc./MDS 9000 Series Multilayer Switchescpe-rescue
Range: unspecified
Cisco Systems, Inc./Nx Os For Nexus 7700 Series Switchescpe-rescue2 versions
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
Cisco Systems, Inc./Nx Os For Nexus 5500 Platform Switchescpe-rescue
Range: unspecified
Cisco Systems, Inc./Nx Os For Nexus 5600 Platform Switchescpe-rescue
Range: unspecified
Cisco Systems, Inc./Nexus 9000 Series Fabric Switches in ACI modecpe-rescue
Range: unspecified
Cisco Systems, Inc./Nexus 9500 R-Series Line Cards and Fabric Modulescpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609mitrevendor-advisoryx_refsource_CISCO
www.securityfocus.com/bid/107341mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000