Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Firepower 9300 Series Next-Generation Firewalls by Cisco

    CVE-2019-1600 (GCVE-0-2019-1600)

    Vulnerability from nvd – Published: 2019-03-07 20:00 – Updated: 2024-11-20 17:26
    VLAI
    Title
    Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability
    Summary
    A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/107399 vdb-entryx_refsource_BID
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/107404 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Cisco Firepower 4100 Series Next-Generation Firewalls Affected: unspecified , < 2.2.2.91 (custom)
    Affected: unspecified , < 2.3.1.110 (custom)
    Create a notification for this product.
    Cisco Firepower 9300 Series Next-Generation Firewalls Affected: unspecified , < 2.2.2.91 (custom)
    Affected: unspecified , < 2.3.1.110 (custom)
    Create a notification for this product.
    Cisco MDS 9000 Series Multilayer Switches Affected: unspecified , < 6.2(25) (custom)
    Affected: unspecified , < 8.1(1b) (custom)
    Affected: unspecified , < 8.3(1) (custom)
    Create a notification for this product.
    Cisco Nexus 3000 Series Switches Affected: unspecified , < 7.0(3)I4(9) (custom)
    Affected: unspecified , < 7.0(3)I7(4) (custom)
    Create a notification for this product.
    Cisco Nexus 3500 Platform Switches Affected: unspecified , < 6.0(2)A8(10) (custom)
    Affected: unspecified , < 7.0(3)I7(4) (custom)
    Create a notification for this product.
    Cisco Nexus 3600 Platform Switches Affected: unspecified , < 7.0(3)F3(5) (custom)
    Create a notification for this product.
    Cisco Nexus 2000, 5500, 5600, and 6000 Series Switches Affected: unspecified , < 7.1(5)N1(1b) (custom)
    Affected: unspecified , < 7.3(3)N1(1) (custom)
    Create a notification for this product.
    Cisco Nexus 7000 and 7700 Series Switches Affected: unspecified , < 6.2(22) (custom)
    Affected: unspecified , < 7.3(3)D1(1) (custom)
    Affected: unspecified , < 8.2(3) (custom)
    Create a notification for this product.
    Cisco Nexus 9000 Series Switches-Standalone Affected: unspecified , < 7.0(3)I4(9) (custom)
    Affected: unspecified , < 7.0(3)I7(4) (custom)
    Create a notification for this product.
    Cisco Nexus 9500 R-Series Line Cards and Fabric Modules Affected: unspecified , < 7.0(3)F3(5) (custom)
    Create a notification for this product.
    Date Public
    2019-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:28.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107399",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107399"
              },
              {
                "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
              },
              {
                "name": "107404",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107404"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T16:55:46.371130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T17:26:53.055Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Firepower 4100 Series Next-Generation Firewalls",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "2.2.2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1.110",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Firepower 9300 Series Next-Generation Firewalls",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "2.2.2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1.110",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "MDS 9000 Series Multilayer Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "6.2(25)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1(1b)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.3(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 3000 Series Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)I4(9)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0(3)I7(4)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 3500 Platform Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "6.0(2)A8(10)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0(3)I7(4)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 3600 Platform Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)F3(5)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.1(5)N1(1b)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3(3)N1(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 7000 and 7700 Series Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "6.2(22)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3(3)D1(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2(3)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 9000 Series Switches-Standalone",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)I4(9)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0(3)I7(4)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 9500 R-Series Line Cards and Fabric Modules",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)F3(5)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-15T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "107399",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107399"
            },
            {
              "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
            },
            {
              "name": "107404",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107404"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190306-nxos-directory",
            "defect": [
              [
                "CSCvh75886",
                "CSCvh75949",
                "CSCvi96549",
                "CSCvi96551",
                "CSCvi96554",
                "CSCvi96559"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
              "ID": "CVE-2019-1600",
              "STATE": "PUBLIC",
              "TITLE": "Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Firepower 4100 Series Next-Generation Firewalls",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.2.2.91"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.3.1.110"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Firepower 9300 Series Next-Generation Firewalls",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.2.2.91"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.3.1.110"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MDS 9000 Series Multilayer Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.2(25)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.1(1b)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.3(1)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 3000 Series Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I4(9)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I7(4)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 3500 Platform Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.0(2)A8(10)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I7(4)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 3600 Platform Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)F3(5)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.1(5)N1(1b)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.3(3)N1(1)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 7000 and 7700 Series Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.2(22)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.3(3)D1(1)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.2(3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 9000 Series Switches-Standalone",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I4(9)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I7(4)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)F3(5)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.7",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107399",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107399"
                },
                {
                  "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
                },
                {
                  "name": "107404",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107404"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190306-nxos-directory",
              "defect": [
                [
                  "CSCvh75886",
                  "CSCvh75949",
                  "CSCvi96549",
                  "CSCvi96551",
                  "CSCvi96554",
                  "CSCvi96559"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1600",
        "datePublished": "2019-03-07T20:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-20T17:26:53.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1600 (GCVE-0-2019-1600)

    Vulnerability from cvelistv5 – Published: 2019-03-07 20:00 – Updated: 2024-11-20 17:26
    VLAI
    Title
    Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability
    Summary
    A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/107399 vdb-entryx_refsource_BID
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/107404 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Cisco Firepower 4100 Series Next-Generation Firewalls Affected: unspecified , < 2.2.2.91 (custom)
    Affected: unspecified , < 2.3.1.110 (custom)
    Create a notification for this product.
    Cisco Firepower 9300 Series Next-Generation Firewalls Affected: unspecified , < 2.2.2.91 (custom)
    Affected: unspecified , < 2.3.1.110 (custom)
    Create a notification for this product.
    Cisco MDS 9000 Series Multilayer Switches Affected: unspecified , < 6.2(25) (custom)
    Affected: unspecified , < 8.1(1b) (custom)
    Affected: unspecified , < 8.3(1) (custom)
    Create a notification for this product.
    Cisco Nexus 3000 Series Switches Affected: unspecified , < 7.0(3)I4(9) (custom)
    Affected: unspecified , < 7.0(3)I7(4) (custom)
    Create a notification for this product.
    Cisco Nexus 3500 Platform Switches Affected: unspecified , < 6.0(2)A8(10) (custom)
    Affected: unspecified , < 7.0(3)I7(4) (custom)
    Create a notification for this product.
    Cisco Nexus 3600 Platform Switches Affected: unspecified , < 7.0(3)F3(5) (custom)
    Create a notification for this product.
    Cisco Nexus 2000, 5500, 5600, and 6000 Series Switches Affected: unspecified , < 7.1(5)N1(1b) (custom)
    Affected: unspecified , < 7.3(3)N1(1) (custom)
    Create a notification for this product.
    Cisco Nexus 7000 and 7700 Series Switches Affected: unspecified , < 6.2(22) (custom)
    Affected: unspecified , < 7.3(3)D1(1) (custom)
    Affected: unspecified , < 8.2(3) (custom)
    Create a notification for this product.
    Cisco Nexus 9000 Series Switches-Standalone Affected: unspecified , < 7.0(3)I4(9) (custom)
    Affected: unspecified , < 7.0(3)I7(4) (custom)
    Create a notification for this product.
    Cisco Nexus 9500 R-Series Line Cards and Fabric Modules Affected: unspecified , < 7.0(3)F3(5) (custom)
    Create a notification for this product.
    Date Public
    2019-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:20:28.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107399",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107399"
              },
              {
                "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
              },
              {
                "name": "107404",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107404"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T16:55:46.371130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T17:26:53.055Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Firepower 4100 Series Next-Generation Firewalls",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "2.2.2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1.110",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Firepower 9300 Series Next-Generation Firewalls",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "2.2.2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.3.1.110",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "MDS 9000 Series Multilayer Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "6.2(25)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1(1b)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.3(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 3000 Series Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)I4(9)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0(3)I7(4)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 3500 Platform Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "6.0(2)A8(10)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0(3)I7(4)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 3600 Platform Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)F3(5)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.1(5)N1(1b)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3(3)N1(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 7000 and 7700 Series Switches",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "6.2(22)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3(3)D1(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2(3)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 9000 Series Switches-Standalone",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)I4(9)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0(3)I7(4)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Nexus 9500 R-Series Line Cards and Fabric Modules",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.0(3)F3(5)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-15T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "107399",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107399"
            },
            {
              "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
            },
            {
              "name": "107404",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107404"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190306-nxos-directory",
            "defect": [
              [
                "CSCvh75886",
                "CSCvh75949",
                "CSCvi96549",
                "CSCvi96551",
                "CSCvi96554",
                "CSCvi96559"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
              "ID": "CVE-2019-1600",
              "STATE": "PUBLIC",
              "TITLE": "Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Firepower 4100 Series Next-Generation Firewalls",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.2.2.91"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.3.1.110"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Firepower 9300 Series Next-Generation Firewalls",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.2.2.91"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.3.1.110"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MDS 9000 Series Multilayer Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.2(25)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.1(1b)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.3(1)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 3000 Series Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I4(9)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I7(4)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 3500 Platform Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.0(2)A8(10)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I7(4)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 3600 Platform Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)F3(5)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 2000, 5500, 5600, and 6000 Series Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.1(5)N1(1b)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.3(3)N1(1)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 7000 and 7700 Series Switches",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "6.2(22)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.3(3)D1(1)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.2(3)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 9000 Series Switches-Standalone",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I4(9)"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)I7(4)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.0(3)F3(5)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.7",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107399",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107399"
                },
                {
                  "name": "20190306 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
                },
                {
                  "name": "107404",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107404"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190306-nxos-directory",
              "defect": [
                [
                  "CSCvh75886",
                  "CSCvh75949",
                  "CSCvi96549",
                  "CSCvi96551",
                  "CSCvi96554",
                  "CSCvi96559"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1600",
        "datePublished": "2019-03-07T20:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-20T17:26:53.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }