PT-2019-2065 · Cisco · Cisco Nexus 9000 Series Fabric Switches
Oliver Matula · Published 2019-05-01 · Updated 2020-10-13
CVE-2019-1836
CVSS v3.1: 7.1 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode versions prior to 14.1(1i)
Description
A vulnerability exists in the system shell due to incorrect symbolic link verification of directory paths. An authenticated, local attacker who supplies crafted input to specific symbolic link CLI commands can overwrite sensitive system files. Valid device credentials are required to exploit this issue. Successful exploitation could allow the attacker to overwrite system files that should be restricted.
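The class of mistake described above (checking only the final path component and not the directories leading to it) next to a stricter check, as an added Python example that is not Cisco's code; the `userdata`/`system` directories and the `link/config` input are constructed for the demonstration:

```python
import os
import tempfile


def naive_is_safe(base: str, user_path: str) -> bool:
    """Insecure: only asks whether the leaf itself is a symlink.
    A symlinked *directory* earlier in the path is never noticed."""
    target = os.path.join(base, user_path)
    return not os.path.islink(target)


def strict_is_safe(base: str, user_path: str) -> bool:
    """Hardened: reject '..' escapes, reject a symlink in any component
    under base, and confirm the resolved path is still inside base."""
    base_real = os.path.realpath(base)
    target = os.path.normpath(os.path.join(base_real, user_path))
    rel = os.path.relpath(target, base_real)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        return False  # path climbs out of base
    cur = base_real
    for part in rel.split(os.sep):
        if part in ("", os.curdir):
            continue
        cur = os.path.join(cur, part)
        if os.path.islink(cur):  # lstat-based: catches directory symlinks too
            return False
    resolved = os.path.realpath(target)
    return resolved == base_real or resolved.startswith(base_real + os.sep)


def demo() -> dict:
    """Constructed scenario: a directory symlink inside the user-writable
    area points at a protected directory outside it."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "userdata")
        outside = os.path.join(root, "system")
        os.makedirs(base)
        os.makedirs(outside)
        with open(os.path.join(outside, "config"), "w") as f:
            f.write("protected\n")
        os.symlink(outside, os.path.join(base, "link"))
        return {
            "naive": naive_is_safe(base, "link/config"),    # True: would allow overwrite
            "strict": strict_is_safe(base, "link/config"),  # False: blocked
            "plain": strict_is_safe(base, "notes.txt"),     # True: ordinary file is fine
        }
```

The check-then-write pattern still leaves a window in which the link could be created after the check; for a robust fix, open with `O_NOFOLLOW` (and directory-relative `openat`) so the kernel refuses links at use time.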
Recommendations
For versions prior to 14.1(1i), update to software version 14.1(1i) to fix the vulnerability. As a temporary workaround, consider restricting access to the system shell and limiting the use of symbolic link CLI commands to minimize the risk of exploitation.
Fix
Link Following
Path traversal
Related identifiers
Affected products
Cisco Nexus 9000 Series Fabric Switches