fkie_cve-2019-1839
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:37
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-rphyVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-rphyVendor Advisory
Impacted products
Vendor Product Version
cisco remote_phy_120_firmware *
cisco remote_phy_120 -
cisco remote_phy_220_firmware *
cisco remote_phy_220 -
cisco remote_phy_shelf_7200_firmware *
cisco remote_phy_shelf_7200 -
cisco cbr-8_firmware 1.1
cisco cbr-8_firmware 6.1
cisco cbr-8_firmware 6.2
cisco cbr-8 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:remote_phy_120_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37CFC07-68B6-4F28-81C7-BD12DDDC6CFA",
              "versionEndExcluding": "6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:remote_phy_120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05827362-30F2-479A-9699-842C929D3586",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:remote_phy_220_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39EBF47-3CB0-4D26-8516-B33193F7E835",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:remote_phy_220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D68A45F-DB59-4238-AF2D-B2AD31717616",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:remote_phy_shelf_7200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13AAE747-4B8F-4B8B-9D25-403D622A1C2E",
              "versionEndExcluding": "1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:remote_phy_shelf_7200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "135D4A14-56AA-4F69-97EA-1005C4479241",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:cbr-8_firmware:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "486E2C42-838F-4B93-AD4D-E78FA9FCB42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:cbr-8_firmware:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FB4B49-81A8-405C-8FFA-E353B4695E88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:cbr-8_firmware:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF3DC04-C1AE-457A-AD7C-896AAA47757C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:cbr-8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB77D0EC-A448-4D97-8EB0-EA4956549A52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el software del dispositivo Cisco Remote PHY podr\u00eda permitir que un atacante local autenticado ejecute comandos en el shell Linux subyacente de un dispositivo afectado con privilegios de root. La vulnerabilidad se produce porque el software afectado desinfecta incorrectamente las entradas proporcionadas por el usuario. Un atacante que tenga acceso v\u00e1lido de administrador a un dispositivo afectado podr\u00eda aprovechar esta vulnerabilidad al proporcionar varios comandos CLI con argumentos dise\u00f1ados. Un exploit exitoso podr\u00eda permitir al atacante ejecutar comandos arbitrarios como usuario root, lo que permitir\u00eda un compromiso total del sistema."
    }
  ],
  "id": "CVE-2019-1839",
  "lastModified": "2024-11-21T04:37:30.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-21T19:15:14.153",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-rphy"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-rphy"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.