CVE-2019-1734

CVE Database · CVE-2019-1734

CVE-2019-1734

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.31%

Published

Nov 5, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (106)

cisco · firepower_extensible_operating_system (up to 2.2.2.91)vulnerable

cisco · firepower_extensible_operating_system (up to 2.3.1.111)vulnerable

cisco · firepower_extensible_operating_system (up to 2.4.1.101)vulnerable

cisco · firepower_4110

cisco · firepower_4112

cisco · firepower_4115

cisco · firepower_4120

cisco · firepower_4125

cisco · firepower_4140

cisco · firepower_4145

cisco · firepower_4150

· firepower_9300

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs