CVE-2019-1603

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software versions prior to 7.0(3)I7(4) Cisco NX-OS Software versions prior to 7.0(3)F3(5)

Description The issue is caused by insufficient authorization enforcement in the command-line interface of Cisco NX-OS devices, allowing an authenticated, local attacker to escalate lower-level privileges to the administrator level. An attacker could exploit this by authenticating to the targeted device and executing commands that could lead to elevated privileges, potentially making configuration changes to the system as administrator.

Recommendations For versions prior to 7.0(3)I7(4), update to version 7.0(3)I7(4) or later. For versions prior to 7.0(3)F3(5), update to version 7.0(3)F3(5) or later.