CVE-2019-1605

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software versions prior to 8.1(1) on MDS 9000 Series Multilayer Switches Cisco NX-OS Software versions prior to 7.0(3)I4(8) and 7.0(3)I7(1) on Nexus 3000 Series Switches Cisco NX-OS Software versions prior to 6.0(2)A8(8) on Nexus 3500 Platform Switches Cisco NX-OS Software versions prior to 7.0(3)F3(5) on Nexus 3600 Platform Switches Cisco NX-OS Software versions prior to 7.3(2)N1(1) on Nexus 2000, 5500, 5600, and 6000 Series Switches Cisco NX-OS Software versions prior to 7.3(3)D1(1) on Nexus 7000 and 7700 Series Switches Cisco NX-OS Software versions prior to 7.0(3)I4(8) and 7.0(3)I7(1) on Nexus 9000 Series Switches in Standalone NX-OS Mode Cisco NX-OS Software versions prior to 7.0(3)F3(5) on Nexus 9500 R-Series Line Cards and Fabric Modules

Description A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note that the NX-API feature is disabled by default.

Recommendations For MDS 9000 Series Multilayer Switches, update to version 8.1(1) or later. For Nexus 3000 Series Switches, update to version 7.0(3)I4(8) or 7.0(3)I7(1) or later. For Nexus 3500 Platform Switches, update to version 6.0(2)A8(8) or later. For Nexus 3600 Platform Switches, update to version 7.0(3)F3(5) or later. For Nexus 2000, 5500, 5600, and 6000 Series Switches, update to version 7.3(2)N1(1) or later. For Nexus 7000 and 7700 Series Switches, update to version 7.3(3)D1(1) or later. For Nexus 9000 Series Switches in Standalone NX-OS Mode, update to version 7.0(3)I4(8) or 7.0(3)I7(1) or later. For Nexus 9500 R-Series Line Cards and Fabric Modules, update to version 7.0(3)F3(5) or later.