CVE-2019-1811

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to incorrect verification of cryptographic signatures in the Image Signature Verification feature of Cisco NX-OS Software. This could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device.

Recommendations For Cisco NX-OS Software, update to a version that includes the fix for this issue, as Cisco has released software updates that address these vulnerabilities. As a temporary workaround, consider restricting access to the CLI command execution to minimize the risk of exploitation. Avoid installing unsigned software images on affected devices until the issue is resolved. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but it is recommended to check the Cisco Security Advisory for the latest information on patches and updates.