=====================================================================
                            CERT-Renater

                 Information Note No. 2019/VULN062
_____________________________________________________________________

DATE                  : 07/03/2019

HARDWARE PLATFORM(S)  : /

OPERATING SYSTEM(S)   : Cisco FXOS, Cisco NX-OS.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-escalation
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1613
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1612
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1611
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1610
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-api-ex
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape
_____________________________________________________________________

1) Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability

CVE-2019-1618
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace

+--------------------------------------------------------------------

2) Cisco NX-OS Software Privilege Escalation Vulnerability

CVE-2019-1604
SIR: High
CVSS Score v(3.0): 7.3
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca

+--------------------------------------------------------------------

3) Cisco NX-OS Software Privilege Escalation Vulnerability

CVE-2019-1603
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc

+--------------------------------------------------------------------

4) Cisco NX-OS Software Privilege Escalation Vulnerability

CVE-2019-1602
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-escalation

+--------------------------------------------------------------------

5) Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

CVE-2019-1601
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access

+--------------------------------------------------------------------

6) Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

CVE-2019-1616
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos

+--------------------------------------------------------------------

7) Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability

CVE-2019-1617
SIR: High
CVSS Score v(3.0): 7.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos

+--------------------------------------------------------------------

8) Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability

CVE-2019-1600
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory

+--------------------------------------------------------------------

9) Cisco NX-OS Software Image Signature Verification Vulnerability

CVE-2019-1615
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif

+--------------------------------------------------------------------

10) Cisco NX-OS Software NX-API Command Injection Vulnerability

CVE-2019-1614
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj

+--------------------------------------------------------------------

11) Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability

CVE-2019-1591
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape

+--------------------------------------------------------------------

12) Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

CVE-2019-1613
SIR: High
CVSS Score v(3.0): 4.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1613

+--------------------------------------------------------------------

13) Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

CVE-2019-1612
SIR: High
CVSS Score v(3.0): 4.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1612

+--------------------------------------------------------------------

14) Cisco FXOS and NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1611)

CVE-2019-1611
SIR: High
CVSS Score v(3.0): 4.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1611

+--------------------------------------------------------------------

15) Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

CVE-2019-1610
SIR: High
CVSS Score v(3.0): 4.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1610

+--------------------------------------------------------------------

16) Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)

CVE-2019-1609
SIR: High
CVSS Score v(3.0): 4.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609

+--------------------------------------------------------------------

17) Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

CVE-2019-1608
SIR: High
CVSS Score v(3.0): 4.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608

+--------------------------------------------------------------------

18) Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)

CVE-2019-1607
SIR: High
CVSS Score v(3.0): 4.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607

+--------------------------------------------------------------------

19) Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability

CVE-2019-1605
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-ex

+--------------------------------------------------------------------

20) Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

CVE-2019-1606
SIR: High
CVSS Score v(3.0): 5.3
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606

+--------------------------------------------------------------------

21) Cisco NX-OS Software Netstack Denial of Service Vulnerability

CVE-2019-1599
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack

+--------------------------------------------------------------------

22) Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability

CVE-2019-1593
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal

+--------------------------------------------------------------------

23) Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability

CVE-2019-1594
SIR: High
CVSS Score v(3.0): 7.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth

+--------------------------------------------------------------------

24) Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability

CVE-2019-1596
SIR: High
CVSS Score v(3.0): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe

+--------------------------------------------------------------------

25) Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities

CVE-2019-1597, CVE-2019-1598
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |    email:cert@support.renater.fr +
=========================================================