PT-2019-1567 · Cisco · Cisco Nx-Os+1

Published: 2019-03-06 · Updated: 2020-10-08 · CVE-2019-1601

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS Software versions prior to 6.2(25)
Cisco NX-OS Software versions prior to 6.2(22)
Cisco NX-OS Software versions prior to 7.0(3)I4(9)
Cisco NX-OS Software versions prior to 7.0(3)I7(4)
Cisco NX-OS Software versions prior to 6.0(2)A8(10)
Cisco NX-OS Software versions prior to 7.1(5)N1(1b)
Cisco NX-OS Software versions prior to 7.3(3)N1(1)
Cisco NX-OS Software versions prior to 7.3(3)D1(1)
Cisco NX-OS Software versions prior to 8.1(1b)
Cisco NX-OS Software versions prior to 8.2(3)
Cisco NX-OS Software versions prior to 8.3(1)
Cisco NX-OS Software versions prior to 7.0(3)F3(5)

Description

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device.

Recommendations

For versions prior to 6.2(25), update to a fixed version.
For versions prior to 6.2(22), update to a fixed version.
For versions prior to 7.0(3)I4(9), update to a fixed version.
For versions prior to 7.0(3)I7(4), update to a fixed version.
For versions prior to 6.0(2)A8(10), update to a fixed version.
For versions prior to 7.1(5)N1(1b), update to a fixed version.
For versions prior to 7.3(3)N1(1), update to a fixed version.
For versions prior to 7.3(3)D1(1), update to a fixed version.
For versions prior to 8.1(1b), update to a fixed version.
For versions prior to 8.2(3), update to a fixed version.
For versions prior to 8.3(1), update to a fixed version.
For versions prior to 7.0(3)F3(5), update to a fixed version.

Fix

Incorrect Permission

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2019-01098
CVE-2019-1601

Affected Products

Cisco Nx-Os
Cisco Nexus