CVE-2019-1585

Name of the Vulnerable Software and Affected Versions Cisco Nexus 9000 Series Switches versions prior to 4.0(1h)

Description The issue is related to a misconfiguration in the controller authorization functionality of Cisco NX-OS, which could allow an authenticated, local attacker to escalate privileges. This is due to a misconfiguration of certain sudoers files for the bashroot component. An attacker could exploit this by authenticating with a crafted user id, potentially allowing temporary administrative access to escalate privileges. A successful exploit could result in the attacker gaining elevated privileges on the affected device.

Recommendations For versions prior to 4.0(1h), update to version 4.0(1h) or later to resolve the issue. As a temporary workaround, consider restricting access to the bashroot component and limiting the use of sudoers files to minimize the risk of exploitation.