CVE-2019-1618

Name of the Vulnerable Software and Affected Versions Cisco Nexus 9000 Series Switches in standalone NX-OS mode versions prior to 7.0(3)I7(5)

Description A vulnerability in the Tetration Analytics agent could allow an authenticated, local attacker to execute arbitrary code as root due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code, resulting in the execution of code supplied by the attacker.

Recommendations For versions prior to 7.0(3)I7(5), update to version 7.0(3)I7(5) or later to resolve the issue. As a temporary workaround, consider restricting access to the Tetration Analytics agent to minimize the risk of exploitation.