Cisco NX-OS Directory Traversal (cisco-sa-20190501-fabric-traversal)

high Nessus Plugin ID 139806

Synopsis

The remote device is missing a vendor-supplied patch

Description

The version of Cisco NX-OS installed on the remote host is affected by a directory traversal vulnerability in its system shell due to incorrect symbolic link verification of directory paths. An authenticated, local attacker can exploit this, to overwrite system files whose access should be restricted to the root system user.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20190501-fabric-traversal

See Also

http://www.nessus.org/u?b8edbc36

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo80695

Plugin Details

Severity: High

ID: 139806

File Name: cisco-sa-20190501-fabric-traversal.nasl

Version: 1.8

Type: combined

Family: CISCO

Published: 8/25/2020

Updated: 10/19/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2019-1836

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 5/1/2019

Vulnerability Publication Date: 5/1/2019

Reference Information

CVE: CVE-2019-1836