CVE-2019-1732
15.05.2019, 17:29
A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to leverage a time-of-check, time-of-use (TOCTOU) race condition to corrupt local variables, which could lead to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables that need to stay static until used. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands. A successful exploit could allow the attacker to perform arbitrary command injection. The attacker would need administrator credentials for the targeted device.
| Vendor | Product | Version |
|---|---|---|
| cisco | nx-os | 7.0\(3\)i4 ≤ 𝑥 < 7.0\(3\)i7\(4\) |
| cisco | nx_os | 7.0\(3\) ≤ 𝑥 < 7.0\(3\)f3\(5\) |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
- CWE-667 - Improper LockingThe software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.