CVE-2019-1593

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to the implementation of the Bash shell in Cisco NX-OS devices, specifically concerning access control limitations. An authenticated, local attacker could exploit this to escalate their privilege level by executing commands authorized for other user roles. The vulnerability arises from the incorrect implementation of a Bash shell command that allows role-based access control (RBAC) to be bypassed. An attacker could exploit this by authenticating to the device and entering a crafted command at the Bash prompt, potentially allowing them to execute commands restricted to other roles, such as escalating from a dev-ops user to an admin.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.