PT-2019-2046 · Cisco · Cisco Nexus 9000 Series Switch

Published: 2019-05-01 · Updated: 2020-10-13 · CVE-2019-1803

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Nexus 9000 Series Switch Software (affected versions not specified)

Description

The issue is related to insufficient access control in the filesystem management mechanisms of the Cisco Nexus 9000 Series switches. This could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this by creating a crafted command string and writing it to a specific file location, potentially allowing the execution of arbitrary operating system commands as root.

Recommendations

For Cisco Nexus 9000 Series Switch Software, consider restricting access to specific system files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using administrator credentials for the device unless necessary, and ensure that all access is properly authenticated and monitored. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Permission

Related Identifiers

BDU:2019-01791
CVE-2019-1803

Affected Products

Cisco Nexus 9000 Series Switch