PT-2019-1575 · Cisco · Cisco Nx-Os+1
Published: 2019-03-06 · Updated: 2020-10-05 · CVE-2019-1614
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS Software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4)
Cisco NX-OS Software versions prior to 7.3(3)D1(1) and 8.2(3)
Cisco NX-OS Software versions prior to 7.3(4)N1(1)
Cisco NX-OS Software versions prior to 8.1(1b)
Description
A vulnerability exists in the NX-API feature of Cisco NX-OS Software because the NX-API subsystem incorrectly validates user-supplied data. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a command-injection attack and execute arbitrary commands with root privileges.
Recommendations
For Cisco NX-OS Software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4), update to a fixed version to address the vulnerability.
For Cisco NX-OS Software versions prior to 7.3(3)D1(1) and 8.2(3), update to a fixed version to address the vulnerability.
For Cisco NX-OS Software versions prior to 7.3(4)N1(1), update to a fixed version to address the vulnerability.
For Cisco NX-OS Software versions prior to 8.1(1b), update to a fixed version to address the vulnerability.
As a temporary workaround, consider disabling the NX-API feature until a patch is available.
Fix
OS Command Injection
Command Injection
Related Identifiers
Affected Products
Cisco Nx-Os
Cisco Nexus