CVE-2019-1813

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to incorrect verification of cryptographic signatures in the Image Signature Verification feature of Cisco NX-OS Software. This could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this to install an unsigned software image on an affected device.

Recommendations For Cisco NX-OS Software, consider applying the software updates released by Cisco that address these vulnerabilities. As a temporary workaround, restrict access to the CLI command execution to minimize the risk of exploitation. Avoid installing unsigned software images on affected devices until the issue is resolved. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but applying the latest software updates from Cisco is recommended.