Permissions, Privileges, and Access Controls in Cisco NX-OS - CVE-2019-1969


Published: August 30, 2019


Vulnerability identifier: #VU20483
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-1969
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco NX-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform SNMP polling of an affected device.

The vulnerability exists in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. A remote attacker can perform SNMP polling of an affected device that the ACL should have denied. The attacker has no control over the configuration of the SNMP ACL name.

This vulnerability affects the following products when they are running Cisco NX-OS Software with a specific SNMP ACL configured:
  • Nexus 3000 Series Switches
  • Nexus 3500 Platform Switches
  • Nexus 3600 Platform Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode
  • Nexus 9500 R-Series Switching Platform
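As an added example (not from the advisory or from Cisco), the following script audits a saved NX-OS running-config for SNMP community strings bound to an ACL whose name is exactly 32 characters, the boundary condition the advisory describes. The `snmp-server community <name> use-ipv4acl|use-ipv6acl <acl>` line format and the sample configuration are assumptions constructed for the demonstration.

```python
import re

MAX_ACL_NAME_LEN = 32  # the ACL-name length named in the advisory

# Constructed ACL name padded to exactly 32 characters (assumption, not a real config).
ACL_AT_LIMIT = "SNMP-MGMT-ACL-".ljust(MAX_ACL_NAME_LEN, "X")

# Constructed sample running-config (assumed NX-OS syntax for binding an ACL
# to an SNMP community; not taken from the advisory).
SAMPLE_CONFIG = f"""\
hostname nexus-lab
ip access-list {ACL_AT_LIMIT}
  10 permit udp 192.0.2.0/24 any eq snmp
  20 deny udp any any eq snmp
ip access-list SNMP-SHORT
  10 permit udp 192.0.2.10/32 any eq snmp
snmp-server community public use-ipv4acl {ACL_AT_LIMIT}
snmp-server community private use-ipv4acl SNMP-SHORT
"""

# Matches an SNMP community line that references an IPv4 or IPv6 ACL.
_SNMP_ACL_RE = re.compile(
    r"^\s*snmp-server community (\S+) use-ipv[46]acl (\S+)\s*$"
)


def find_boundary_snmp_acls(config_text, max_len=MAX_ACL_NAME_LEN):
    """Return [(community, acl_name)] for every SNMP ACL binding whose ACL
    name is exactly max_len characters long, i.e. the configuration the
    advisory says triggers the incorrect length check."""
    hits = []
    for line in config_text.splitlines():
        m = _SNMP_ACL_RE.match(line)
        if m and len(m.group(2)) == max_len:
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for community, acl in find_boundary_snmp_acls(SAMPLE_CONFIG):
        print(f"community {community!r} uses {len(acl)}-char ACL {acl!r}: "
              "review against CVE-2019-1969 and apply the vendor fix")
```

Run it against an exported running-config to list the communities that match the affected condition; a device with no hit is outside the configuration the advisory describes, but the vendor update still applies.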

How to mitigate CVE-2019-1969

Install updates from the vendor's website.

Sources