Cisco NX-OS Software Remote Package Manager Command Injection Vulnerability (cisco-sa-20190515-nxos-rpm-injec)

medium Nessus Plugin ID 136483

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco NX-OS Software is affected by following vulnerability

- A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection.The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device. (CVE-2019-1732)

Please see the included Cisco BIDs and Cisco Security Advisory for more information

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs
- CSCvi01453
- CSCvj00550

See Also

http://www.nessus.org/u?60278125

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi01453

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj00550

Plugin Details

Severity: Medium

ID: 136483

File Name: cisco-sa-20190515-nxos-rpm-injec.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 5/12/2020

Updated: 10/19/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-1732

CVSS v3

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 5/15/2019

Vulnerability Publication Date: 5/15/2019

Reference Information

CVE: CVE-2019-1732

BID: 108361

CISCO-SA: cisco-sa-20190515-nxos-rpm-injec

IAVA: 2019-A-0173

CISCO-BUG-ID: CSCvi01453, CSCvj00550