PT-2019-2448 · Cisco+1 · Cisco Nx-Os+3
Published: 2019-05-15 · Updated: 2023-04-20
CVE-2019-1795
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco FXOS Software versions (affected versions not specified)
Cisco NX-OS Software versions (affected versions not specified)
Description
The vulnerability is caused by insufficient validation of input in the command-line interface (CLI) of Cisco NX-OS and FXOS Software. An authenticated, local attacker could exploit it by including malicious input as an argument of an affected command, which could result in arbitrary commands being executed on the underlying Linux operating system with root privileges. Exploitation requires valid administrator credentials.
Recommendations
For Cisco FXOS Software, update to a version that includes the fix for this issue.
For Cisco NX-OS Software, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the CLI command that is vulnerable to malicious input until a patch is available.
Fix
Command Injection
RCE
Argument Injection
Related Identifiers
Affected Products
Cisco Fxos
Cisco Nx-Os
Cisco Nexus
Linux