CVE-2019-1732

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to a time-of-check, time-of-use (TOCTOU) race condition in the Remote Package Manager (RPM) subsystem of Cisco NX-OS Software. This condition could allow an authenticated, local attacker with administrator credentials to corrupt local variables, leading to arbitrary command injection. The vulnerability is due to the lack of a proper locking mechanism on critical variables. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a set of RPM-related CLI commands, potentially allowing them to perform arbitrary command injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.