-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.1759.4
               Cisco FXOS and NX-OS Software Vulnerabilities
                                22 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco FXOS and NX-OS Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-1858 CVE-2019-1795 CVE-2019-1791
                   CVE-2019-1790 CVE-2019-1784 CVE-2019-1783
                   CVE-2019-1782 CVE-2019-1781 CVE-2019-1780
                   CVE-2019-1779 CVE-2019-1778 CVE-2019-1776
                   CVE-2019-1775 CVE-2019-1774 CVE-2019-1770
                   CVE-2019-1769 CVE-2019-1735 CVE-2019-1734
                   CVE-2019-1728  

Reference:         ESB-2019.1756

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1780
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos

Revision History:  May 22 2019: Updated cisco-sa-20190515-nxos-fxos-cmdinj-1780 to v1.1
                   May 21 2019: Corrected errors in the Fixed Release tables for MDS and N7K - cisco-sa-20190515-nxos-snmp-dos
                   May 17 2019: Added mitigation for cisco-sa-20190515-nxos-snmp-dos
                   May 16 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco FXOS and NX-OS Software Command Injection Vulnerabilities (CVE-2019-1781,
CVE-2019-1782)

Priority:        Medium

Advisory ID:     cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782

First Published: 2019 May 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvh20027 CSCvh20389 CSCvi01445 CSCvi01448 CSCvi91985
                 CSCvi92126 CSCvi92128 CSCvi92129 CSCvi92130 CSCvi96522
                 CSCvi96524 CSCvi96525 CSCvi96526 CSCvi96527

CVE-2019-1781    
CVE-2019-1782    

CWE-77

CVSS Score:
6.7  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco NX-OS
    Software could allow an authenticated, local attacker to execute arbitrary
    commands on the underlying operating system of an affected device.

    These vulnerabilities are due to insufficient validation of arguments
    passed to certain CLI commands. An attacker could exploit these
    vulnerabilities by including malicious input as the argument of an affected
    command. A successful exploit could allow the attacker to execute arbitrary
    commands on the underlying operating system with elevated privileges. An
    attacker would need administrator credentials to exploit these
    vulnerabilities.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782
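    The defect class the summary describes, a CLI argument that reaches the
    underlying operating system without sufficient validation (CWE-77), is
    easiest to see with the weak pattern beside a hardened one. The following
    is an added example, not Cisco's code, and it does not reproduce any
    affected NX-OS or FXOS command; it assumes a POSIX host with /bin/sh and
    echo on PATH, and uses echo as a stand-in for the privileged OS command a
    CLI front end would invoke. The allowlist pattern and the argument values
    are constructed for the example.

```python
"""CLI-argument handling in a front end that calls the underlying OS.

Added example, not Cisco's code; echo stands in for the privileged command.
Assumes a POSIX host with /bin/sh and echo available.
"""
import re
import subprocess
from typing import List

# Constructed allowlist for an interface-name style argument: letters, digits
# and the few punctuation characters such names use. Shell metacharacters,
# quotes, whitespace and newlines are not in the set, so they are rejected
# before the argument gets anywhere near the OS.
_ARG_ALLOWED = re.compile(r"^[A-Za-z][A-Za-z0-9/._-]{0,63}$")


def validate_arg(arg: str) -> str:
    """Return arg unchanged if it matches the allowlist, else raise ValueError."""
    if not _ARG_ALLOWED.fullmatch(arg):
        raise ValueError(f"argument rejected by allowlist: {arg!r}")
    return arg


def is_rejected(arg: str) -> bool:
    """True when validate_arg() refuses the argument."""
    try:
        validate_arg(arg)
    except ValueError:
        return True
    return False


def run_unsafe(arg: str) -> str:
    """Weak pattern: the CLI argument is pasted into a shell command line.

    Whatever the argument contains is parsed by /bin/sh, so it is no longer a
    single argument but part of the command language. This is the shape of
    defect the advisory describes; it is here only for contrast.
    """
    cmd = f"echo {arg}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True).stdout


def build_argv(arg: str) -> List[str]:
    """Hardened: validate first, then pass the argument as exactly one argv element."""
    return ["echo", validate_arg(arg)]


def run_safe(arg: str) -> str:
    # No shell is involved: the kernel hands argv to the program as-is, so
    # even a metacharacter that slipped past the allowlist could not start a
    # second command. Validation and argv-passing are independent layers.
    return subprocess.run(build_argv(arg), capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    print(run_safe("Ethernet1/1").strip())
    print("rejected:", is_rejected("Ethernet1/1; id"))
```

    The two controls are deliberately separate: the allowlist narrows what an
    administrator can type, and argv-based execution removes the shell's
    parsing step entirely, so a gap in one does not defeat the other.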

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following Cisco products if they are
    running a vulnerable release of Cisco FXOS or NX-OS Software:

       Firepower 4100 Series
       Firepower 9300 Security Appliances
       MDS 9000 Series Multilayer Switches
       Nexus 3000 Series Switches
       Nexus 3500 Platform Switches
       Nexus 3600 Platform Switches
       Nexus 5500 Platform Switches
       Nexus 5600 Platform Switches
       Nexus 6000 Series Switches
       Nexus 7000 Series Switches
       Nexus 7700 Series Switches
       Nexus 9000 Series Switches in standalone NX-OS mode
       Nexus 9500 R-Series Switching Platform
       UCS 6200 Series Fabric Interconnects
       UCS 6300 Series Fabric Interconnects

    For information about which Cisco FXOS and NX-OS Software releases are
    vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect the following
    Cisco products:

       Firepower 2100 Series
       Nexus 1000V Switch for Microsoft Hyper-V
       Nexus 1000V Switch for VMware vSphere
       Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
        (ACI) mode
       UCS 6400 Series Fabric Interconnects

Details

  o Cisco has disclosed several similar CLI command injection vulnerabilities.
    They differ primarily in affected products and software versions. This
    table shows the affected products for each vulnerability by Cisco bug ID
    and CVE ID.

    Security        FP 4100/   MDS 9K/    N1000V     N3K/N3500/ N3600/     N5500K/    UCS 6200/
    Advisory        9300       N7K/       MS/VM      N9K-NXOS   N9500R     N5600/     UCS 6300
                               N7700 ^1                                    N6K        UCS 6400 ^2
    Cisco NX-OS     N/A        CSCvj63728 CSCvk52969 CSCvj63877 CSCvk52988 CSCvk52972 CSCvk52975
    Software                              CSCvk52985 CSCvk52971
    Command
    Injection
    Vulnerability
    (CVE-2019-1735)
    Cisco NX-OS     N/A        N/A        N/A        CSCvh20032 CSCvj00299 N/A        N/A
    Software Line
    Card Command
    Injection
    Vulnerability
    (CVE-2019-1769)
    Cisco NX-OS     N/A        CSCvh75867 CSCvi92240 CSCvh75958 CSCvi92239 CSCvi92243 N/A
    Software                   ^1         CSCvk36294 CSCvi92242
    Command
    Injection
    Vulnerability
    (CVE-2019-1770)
    Cisco NX-OS     N/A        CSCvh75895 N/A        CSCvh75968 CSCvi99195 CSCvi99198 N/A
    Software                   CSCvh75909            CSCvh75976 CSCvi92256 CSCvi92260
    Command                                          CSCvi99197
    Injection                                        CSCvi92258
    Vulnerabilities
    (CVE-2019-1774,
    CVE-2019-1775)
    Cisco NX-OS     N/A        CSCvh20081 N/A        CSCvh20076 CSCvi96429 CSCvi96432 CSCvi96433
    Software                                         CSCvi96431                       ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1776)
    Cisco NX-OS     N/A        N/A        N/A        CSCvh75996 CSCvj03877 N/A        N/A
    Software
    Command
    Injection
    Vulnerability
    (CVE-2019-1778)
    Cisco FXOS and  CSCvj00418 CSCve51688 N/A        CSCvh76126 CSCvj00412 CSCvj00416 N/A
    NX-OS Software
    Command
    Injection
    Vulnerability
    (CVE-2019-1779)
    Cisco FXOS and  CSCvi92332 CSCvi01440 N/A        CSCvi01431 CSCvi92326 CSCvi92329 N/A
    NX-OS Software                                   CSCvi92328
    Command
    Injection
    Vulnerability
    (CVE-2019-1780)
    Cisco FXOS and  CSCvi96527 CSCvi01448 N/A        CSCvi01445 CSCvi96522 CSCvi96525 CSCvi96526
    NX-OS Software  CSCvi92130 CSCvh20389            CSCvh20027 CSCvi91985 CSCvi92128 ^2
    Command                                          CSCvi96524                       CSCvi92129
    Injection                                        CSCvi92126                       ^2
    Vulnerabilities
    (CVE-2019-1781,
    CVE-2019-1782)
    Cisco NX-OS     N/A        CSCvi42281 N/A        N/A        N/A        CSCvj03966 N/A
    Software                   ^1
    Command
    Injection
    Vulnerability
    (CVE-2019-1783)
    Cisco NX-OS     N/A        CSCvi42292 N/A        N/A        N/A        CSCvj12273 CSCvj12274
    Software                   ^1                                                     ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1784)
    Cisco NX-OS     N/A        CSCvh20112 N/A        CSCvh20096 CSCvi96504 CSCvi96509 CSCvi96510
    Software                                                                          ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1790)
    Cisco NX-OS     N/A        CSCvj63667 N/A        CSCvj63270 CSCvk50889 CSCvk50876 N/A
    Software                                         CSCvk50873
    Command
    Injection
    Vulnerability
    (CVE-2019-1791)
    Cisco FXOS and  CSCvh66259 CSCvh20359 CSCvh66257 CSCvh20029 CSCvh66202 CSCvh66214 CSCvh66243
    NX-OS Software                        CSCvk30761 CSCvh66219                       ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1795)

    1. CSCvh75867, CSCvi42281, and CSCvi42292 apply to only Nexus 7000 Series
    and Nexus 7700 Series Switches. The MDS 9000 Series Multilayer Switches are
    not affected by these vulnerabilities.
    2. CSCvk52975 applies to UCS 6200, 6300, and 6400. For all other UCS
    defects, only UCS 6200 and 6300 are affected (and UCS 6400 is not
    affected).

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    No upgrade action is necessary for products that are running Cisco NX-OS
    Software for cases in which customers have already applied a recommended
    Cisco NX-OS Software release to address the March 2019 Cisco FXOS and NX-OS
    Software bundle. See Cisco Event Response: March 2019 Cisco FXOS and NX-OS
    Software Security Advisory Bundled Publication for a list of advisories in
    the bundle.

    Customers who have not applied a recommended release to address the March
    2019 bundle or who have devices that are running Cisco FXOS software are
    advised to upgrade to an appropriate release as indicated in the applicable
    table in this section. In the following tables, the left column lists Cisco
    FXOS and NX-OS Software releases. The right column indicates the first
    release that includes the fix for the vulnerabilities that are described in
    this advisory.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvi96527 
    and CSCvi92130

    Cisco FXOS Software Release  First Fixed Release for These Vulnerabilities
    Prior to 2.2                 2.2.2.91
    2.2                          2.2.2.91
    2.3                          2.3.1.130
    2.4                          2.4.1.222

    MDS 9000 Series Multilayer Switches: CSCvi01448 and CSCvh20389

    Cisco NX-OS Software Release First Fixed Release for These Vulnerabilities
    5.2                          6.2(25)
    6.2                          6.2(25)
    7.3                          8.3(2)
    8.1                          8.3(2)
    8.2                          8.3(2)
    8.3                          8.3(2)

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvi01445 and CSCvh20027

    Cisco NX-OS Software Release First Fixed Release for These Vulnerabilities
    Prior to 7.0(3)I4            7.0(3)I4(9)
    7.0(3)I4                     7.0(3)I4(9)
    7.0(3)I7                     7.0(3)I7(4)
    9.2(1)                       Not vulnerable

    Nexus 3500 Platform Switches: CSCvi96524 and CSCvi92126

    Cisco NX-OS Software Release First Fixed Release for These Vulnerabilities
    Prior to 6.0(2)A8            6.0(2)A8(11)
    6.0(2)A8                     6.0(2)A8(11)
    7.0(3)I4                     7.0(3)I4(9)
    7.0(3)I7                     7.0(3)I7(4)
    9.2                          Not vulnerable

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform: 
    CSCvi96522 and CSCvi91985

    Cisco NX-OS Software Release First Fixed Release for These Vulnerabilities
    7.0(3)                       7.0(3)F3(5)
    9.2                          Not vulnerable

    Nexus 5500, 5600, and 6000 Series Switches: CSCvi96525 and CSCvi92128

    Cisco NX-OS Software Release First Fixed Release for These Vulnerabilities
    Prior to 7.3                 7.3(4)N1(1)
    7.3                          7.3(4)N1(1)

    Nexus 7000 and 7700 Series Switches: CSCvi01448 and CSCvh20389

    Cisco NX-OS Software Release First Fixed Release for These Vulnerabilities
    Prior to 6.2                 6.2(22)
    6.2                          6.2(22)
    7.2                          7.3(3)D1(1)
    7.3                          7.3(3)D1(1)
    8.0                          8.2(3)
    8.1                          8.2(3)
    8.2                          8.2(3)
    8.3                          8.3(1)

    UCS 6200 and 6300 Fabric Interconnects: CSCvi96526 and CSCvi92129

    Cisco NX-OS Software Release First Fixed Release for These Vulnerabilities
    Prior to 4.0                 4.0(1a)
    4.0                          4.0(1a)
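    Reading these tables by hand across a large Nexus estate is error-prone,
    because NX-OS release strings such as 7.0(3)I4(9) do not compare as plain
    text (a (10) maintenance release would sort before (9)). The following is
    an added example, not Cisco's code: it tokenizes a release string, finds
    the row of a Fixed Releases table whose train the running release belongs
    to, and reports whether an upgrade is needed. The table data is transcribed
    from the Nexus 3000 / Nexus 9000 standalone NX-OS table above (CSCvi01445
    and CSCvh20027); the release strings it is run against are constructed
    samples, not observed devices.

```python
"""Check a running NX-OS release against an advisory Fixed Releases table.

Added example, not Cisco's code. The table below is transcribed from the
advisory's Nexus 3000 / Nexus 9000 (standalone NX-OS mode) table for
CSCvi01445 and CSCvh20027; the release strings fed to check_release() are
constructed samples.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Token = Union[int, str]


@dataclass(frozen=True)
class FixedRow:
    train: Optional[str]      # left column, e.g. "7.0(3)I4"; None for a "Prior to" row
    prior_to: Optional[str]   # threshold of a "Prior to X" row, else None
    first_fixed: str          # right column; may read "Not vulnerable"


# Transcribed from the advisory's N3K/N9K standalone NX-OS table.
N3K_N9K_TABLE: List[FixedRow] = [
    FixedRow(train=None, prior_to="7.0(3)I4", first_fixed="7.0(3)I4(9)"),
    FixedRow(train="7.0(3)I4", prior_to=None, first_fixed="7.0(3)I4(9)"),
    FixedRow(train="7.0(3)I7", prior_to=None, first_fixed="7.0(3)I7(4)"),
    FixedRow(train="9.2(1)", prior_to=None, first_fixed="Not vulnerable"),
]


def parse_release(release: str) -> List[Token]:
    """Tokenize "7.0(3)I4(9)" -> [7, 0, 3, "I", 4, 9] and "6.2(25)" -> [6, 2, 25].

    Digit runs become ints so that (10) sorts after (9); string comparison
    would put "10" before "9".
    """
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", release)]


def sort_key(tokens: List[Token]) -> Tuple[Tuple[int, object], ...]:
    # Python refuses to order int against str, so tag each token with its kind.
    return tuple((0, t) if isinstance(t, int) else (1, t) for t in tokens)


def is_at_least(running: str, first_fixed: str) -> bool:
    """True when the running release is the first fixed release or later."""
    return sort_key(parse_release(running)) >= sort_key(parse_release(first_fixed))


def find_row(running: str, table: List[FixedRow]) -> Optional[FixedRow]:
    """Row whose train is the longest prefix of the running release; otherwise
    the "Prior to" row when the release is older than its threshold; else None."""
    run = parse_release(running)
    best: Optional[FixedRow] = None
    best_len = 0
    for row in table:
        if row.train is None:
            continue
        train = parse_release(row.train)
        if run[: len(train)] == train and len(train) > best_len:
            best, best_len = row, len(train)
    if best is not None:
        return best
    for row in table:
        if row.prior_to is not None and sort_key(run) < sort_key(parse_release(row.prior_to)):
            return row
    return None


def check_release(running: str, table: List[FixedRow]) -> str:
    """Classify a running release as "not vulnerable", "fixed",
    "vulnerable: upgrade to <release>", or "unlisted" when its train does not
    appear in the table (a 9.2(2) device against this table, for instance);
    an unlisted train means the advisory must be consulted, not guessed at."""
    row = find_row(running, table)
    if row is None:
        return "unlisted"
    if row.first_fixed == "Not vulnerable":
        return "not vulnerable"
    if is_at_least(running, row.first_fixed):
        return "fixed"
    return f"vulnerable: upgrade to {row.first_fixed}"


if __name__ == "__main__":
    # Constructed sample inventory, one release string per device.
    for rel in ["6.0(2)U6(10)", "7.0(3)I4(7)", "7.0(3)I4(10)", "7.0(3)I7(3)", "9.2(1)", "9.2(2)"]:
        print(f"{rel:16} {check_release(rel, N3K_N9K_TABLE)}")
```

    Each table in this section gets its own FixedRow list; the matching rule
    is deliberately conservative and returns "unlisted" rather than
    extrapolating, since a train absent from the table (as 9.2(2) is here) is
    a question for the advisory, not for the comparison logic.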


    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

        Cisco MDS Series Switches
        Cisco Nexus 1000V for VMware Switch
        Cisco Nexus 3000 Series and 3500 Series Switches
        Cisco Nexus 5000 Series Switches
        Cisco Nexus 5500 Platform Switches
        Cisco Nexus 6000 Series Switches
        Cisco Nexus 7000 Series Switches
        Cisco Nexus 9000 Series Switches
        Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-fxos-nxos-cmdinj-1781-1782

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2019-May-15  |
    +----------+---------------------------+----------+--------+--------------+

- -------------------------------------------------------------------------------

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1779)

Priority:        Medium

Advisory ID:     cisco-sa-20190515-nxos-fxos-cmdinj-1779

First Published: 2019 May 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCve51688 CSCvh76126 CSCvj00412 CSCvj00416 CSCvj00418

CVE-2019-1779    

CWE-77

CVSS Score:
4.2  AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software
    could allow an authenticated, local attacker to execute arbitrary commands
    on the underlying operating system of an affected device with elevated
    privileges.

    The vulnerability is due to insufficient validation of arguments passed to
    certain CLI commands. An attacker could exploit this vulnerability by
    including malicious input as the argument of an affected command. A
    successful exploit could allow the attacker to execute arbitrary commands
    on the underlying operating system with elevated privileges. An attacker
    would need valid device credentials to exploit this vulnerability.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco FXOS Software or NX-OS Software:

       Firepower 4100 Series
       Firepower 9300 Security Appliances
       MDS 9000 Series Multilayer Switches
       Nexus 3000 Series Switches
       Nexus 3500 Platform Switches
       Nexus 3600 Platform Switches
       Nexus 5500 Platform Switches
       Nexus 5600 Platform Switches
       Nexus 6000 Series Switches
       Nexus 7000 Series Switches
       Nexus 7700 Series Switches
       Nexus 9000 Series Switches in standalone NX-OS mode
       Nexus 9500 R-Series Switching Platform

    For information about which Cisco FXOS Software and NX-OS Software releases
    are vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Firepower 2100 Series
       Nexus 1000V Switch for Microsoft Hyper-V
       Nexus 1000V Switch for VMware vSphere
       Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
        (ACI) mode
       UCS 6200 Series Fabric Interconnects
       UCS 6300 Series Fabric Interconnects
       UCS 6400 Series Fabric Interconnects

Details

  o Cisco has disclosed several similar CLI command injection vulnerabilities.
    They differ primarily in affected products and software versions. This
    table shows the affected products for each vulnerability by Cisco bug ID
    and CVE ID.

    Security        FP 4100/   MDS 9K/    N1000V     N3K/N3500/ N3600/     N5500K/    UCS 6200/
    Advisory        9300       N7K/       MS/VM      N9K-NXOS   N9500R     N5600/     UCS 6300
                               N7700 ^1                                    N6K        UCS 6400 ^2
    Cisco NX-OS     N/A        CSCvj63728 CSCvk52969 CSCvj63877 CSCvk52988 CSCvk52972 CSCvk52975
    Software                              CSCvk52985 CSCvk52971
    Command
    Injection
    Vulnerability
    (CVE-2019-1735)
    Cisco NX-OS     N/A        N/A        N/A        CSCvh20032 CSCvj00299 N/A        N/A
    Software Line
    Card Command
    Injection
    Vulnerability
    (CVE-2019-1769)
    Cisco NX-OS     N/A        CSCvh75867 CSCvi92240 CSCvh75958 CSCvi92239 CSCvi92243 N/A
    Software                   ^1         CSCvk36294 CSCvi92242
    Command
    Injection
    Vulnerability
    (CVE-2019-1770)
    Cisco NX-OS     N/A        CSCvh75895 N/A        CSCvh75968 CSCvi99195 CSCvi99198 N/A
    Software                   CSCvh75909            CSCvh75976 CSCvi92256 CSCvi92260
    Command                                          CSCvi99197
    Injection                                        CSCvi92258
    Vulnerabilities
    (CVE-2019-1774,
    CVE-2019-1775)
    Cisco NX-OS     N/A        CSCvh20081 N/A        CSCvh20076 CSCvi96429 CSCvi96432 CSCvi96433
    Software                                         CSCvi96431                       ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1776)
    Cisco NX-OS     N/A        N/A        N/A        CSCvh75996 CSCvj03877 N/A        N/A
    Software
    Command
    Injection
    Vulnerability
    (CVE-2019-1778)
    Cisco FXOS and  CSCvj00418 CSCve51688 N/A        CSCvh76126 CSCvj00412 CSCvj00416 N/A
    NX-OS Software
    Command
    Injection
    Vulnerability
    (CVE-2019-1779)
    Cisco FXOS and  CSCvi92332 CSCvi01440 N/A        CSCvi01431 CSCvi92326 CSCvi92329 N/A
    NX-OS Software                                   CSCvi92328
    Command
    Injection
    Vulnerability
    (CVE-2019-1780)
    Cisco FXOS and  CSCvi96527 CSCvi01448 N/A        CSCvi01445 CSCvi96522 CSCvi96525 CSCvi96526
    NX-OS Software  CSCvi92130 CSCvh20389            CSCvh20027 CSCvi91985 CSCvi92128 ^2
    Command                                          CSCvi96524                       CSCvi92129
    Injection                                        CSCvi92126                       ^2
    Vulnerabilities
    (CVE-2019-1781,
    CVE-2019-1782)
    Cisco NX-OS     N/A        CSCvi42281 N/A        N/A        N/A        CSCvj03966 N/A
    Software                   ^1
    Command
    Injection
    Vulnerability
    (CVE-2019-1783)
    Cisco NX-OS     N/A        CSCvi42292 N/A        N/A        N/A        CSCvj12273 CSCvj12274
    Software                   ^1                                                     ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1784)
    Cisco NX-OS     N/A        CSCvh20112 N/A        CSCvh20096 CSCvi96504 CSCvi96509 CSCvi96510
    Software                                                                          ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1790)
    Cisco NX-OS     N/A        CSCvj63667 N/A        CSCvj63270 CSCvk50889 CSCvk50876 N/A
    Software                                         CSCvk50873
    Command
    Injection
    Vulnerability
    (CVE-2019-1791)
    Cisco FXOS and  CSCvh66259 CSCvh20359 CSCvh66257 CSCvh20029 CSCvh66202 CSCvh66214 CSCvh66243
    NX-OS Software                        CSCvk30761 CSCvh66219                       ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1795)

    1. CSCvh75867, CSCvi42281, and CSCvi42292 apply to only Nexus 7000 Series
    and Nexus 7700 Series Switches. The MDS 9000 Series Multilayer Switches are
    not affected by these vulnerabilities.
    2. CSCvk52975 applies to UCS 6200, 6300, and 6400. For all other UCS
    defects, only UCS 6200 and 6300 are affected (and UCS 6400 is not
    affected).

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    No upgrade action is necessary for customers who have already applied a
    recommended release to address the March 2019 Cisco FXOS and NX-OS Software
    bundle. See Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software
    Security Advisory Bundled Publication for a list of advisories in the
    bundle.

    Customers who have not applied a recommended release to address the March
    2019 bundle are advised to upgrade to an appropriate release as indicated
    in the applicable table in this section. In the following tables, the left
    column lists Cisco FXOS and NX-OS Software releases. The right column
    indicates the first release that includes the fix for this vulnerability.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvj00418

    Cisco FXOS Software Release   First Fixed Release for This Vulnerability
    Prior to 2.4                  2.4.1.101
    2.4                           2.4.1.101

    MDS 9000 Series Multilayer Switches: CSCve51688

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    5.2                            6.2(25)
    6.2                            6.2(25)
    7.3                            8.1(1b)
    8.1                            8.1(1b)
    8.2                            8.3(1)
    8.3                            8.3(1)

    Nexus 3000 Series Switches, Nexus 3500 Platform Switches, and Nexus 9000
    Series Switches in Standalone NX-OS Mode: CSCvh76126

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.0(3)I4              7.0(3)I4(9)
    7.0(3)I4                       7.0(3)I4(9)
    7.0(3)I7                       7.0(3)I7(4)
    9.2(1)                         Not vulnerable

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform: 
    CSCvj00412

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    7.0(3)                         7.0(3)F3(5)
    9.2                            Not vulnerable

    Nexus 5500 and 5600 Platform Switches and 6000 Series Switches: CSCvj00416

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.3                   7.3(4)N1(1)
    7.3                            7.3(4)N1(1)

    Nexus 7000 and 7700 Series Switches: CSCve51688

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.2                   6.2(22)
    6.2                            6.2(22)
    7.2                            7.3(3)D1(1)
    7.3                            7.3(3)D1(1)
    8.0                            8.3(1)
    8.1                            8.3(1)
    8.2                            8.3(1)
    8.3                            8.3(1)

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

        Cisco MDS Series Switches
        Cisco Nexus 1000V for VMware Switch
        Cisco Nexus 3000 Series and 3500 Series Switches
        Cisco Nexus 5000 Series Switches
        Cisco Nexus 5500 Platform Switches
        Cisco Nexus 6000 Series Switches
        Cisco Nexus 7000 Series Switches
        Cisco Nexus 9000 Series Switches
        Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-cmdinj-1779

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2019-May-15  |
    +----------+---------------------------+----------+--------+--------------+

- -------------------------------------------------------------------------------

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1780)

Priority:        Medium

Advisory ID:     cisco-sa-20190515-nxos-fxos-cmdinj-1780

First Published: 2019 May 15 16:00 GMT

Last Updated:    2019 May 21 13:55 GMT

Version 1.1:     Final

Workarounds:     No workarounds available

CVE-2019-1780    

CWE-77

CVSS Score:
4.2  AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software
    could allow an authenticated, local attacker with administrator credentials
    to execute arbitrary commands on the underlying operating system of an
    affected device with elevated privileges.

    The vulnerability is due to insufficient validation of arguments passed to
    certain CLI commands. An attacker could exploit this vulnerability by
    including malicious input as the argument of an affected command. A
    successful exploit could allow the attacker to execute arbitrary commands
    on the underlying operating system with elevated privileges. An attacker
    would need valid administrator credentials to exploit this vulnerability.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-fxos-cmdinj-1780

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco FXOS Software or NX-OS Software:

       Firepower 4100 Series
       Firepower 9300 Security Appliances
       MDS 9000 Series Multilayer Switches
       Nexus 3000 Series Switches
       Nexus 3500 Platform Switches
       Nexus 3600 Platform Switches
       Nexus 5500 Platform Switches
       Nexus 5600 Platform Switches
       Nexus 6000 Series Switches
       Nexus 7000 Series Switches
       Nexus 7700 Series Switches
       Nexus 9000 Series Switches in standalone NX-OS mode
       Nexus 9500 R-Series Switching Platform

    For information about which Cisco FXOS Software and NX-OS Software releases
    are vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Firepower 2100 Series
       Nexus 1000V Switch for Microsoft Hyper-V
       Nexus 1000V Switch for VMware vSphere
       Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
        (ACI) mode
       UCS 6200 Series Fabric Interconnects
       UCS 6300 Series Fabric Interconnects
       UCS 6400 Series Fabric Interconnects

Details

  o Cisco has disclosed several similar CLI command injection vulnerabilities.
    They differ primarily in affected products and software versions. This
    table shows the affected products for each vulnerability by Cisco bug ID
    and CVE ID.

    Security        FP 4100/   MDS 9K/    N1000V     N3K/N3500/ N3600/     N5500/     UCS 6200/
    Advisory        9300       N7K/       MS/VM      N9K-NXOS   N9500R     N5600/     UCS 6300/
                               N7700 ^1                                    N6K        UCS 6400 ^2
    Cisco NX-OS     N/A        CSCvj63728 CSCvk52969 CSCvj63877 CSCvk52988 CSCvk52972 CSCvk52975
    Software                              CSCvk52985 CSCvk52971
    Command
    Injection
    Vulnerability
    (CVE-2019-1735)
    Cisco NX-OS     N/A        N/A        N/A        CSCvh20032 CSCvj00299 N/A        N/A
    Software Line
    Card Command
    Injection
    Vulnerability
    (CVE-2019-1769)
    Cisco NX-OS     N/A        CSCvh75867 CSCvi92240 CSCvh75958 CSCvi92239 CSCvi92243 N/A
    Software                   ^1         CSCvk36294 CSCvi92242
    Command
    Injection
    Vulnerability
    (CVE-2019-1770)
    Cisco NX-OS     N/A        CSCvh75895 N/A        CSCvh75968 CSCvi99195 CSCvi99198 N/A
    Software                   CSCvh75909            CSCvh75976 CSCvi92256 CSCvi92260
    Command                                          CSCvi99197
    Injection                                        CSCvi92258
    Vulnerabilities
    (CVE-2019-1774,
    CVE-2019-1775)
    Cisco NX-OS     N/A        CSCvh20081 N/A        CSCvh20076 CSCvi96429 CSCvi96432 CSCvi96433
    Software                                         CSCvi96431                       ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1776)
    Cisco NX-OS     N/A        N/A        N/A        CSCvh75996 CSCvj03877 N/A        N/A
    Software
    Command
    Injection
    Vulnerability
    (CVE-2019-1778)
    Cisco FXOS and  CSCvj00418 CSCve51688 N/A        CSCvh76126 CSCvj00412 CSCvj00416 N/A
    NX-OS Software
    Command
    Injection
    Vulnerability
    (CVE-2019-1779)
    Cisco FXOS and  CSCvi92332 CSCvi01440 N/A        CSCvi01431 CSCvi92326 CSCvi92329 N/A
    NX-OS Software                                   CSCvi92328
    Command
    Injection
    Vulnerability
    (CVE-2019-1780)
    Cisco FXOS and  CSCvi96527 CSCvi01448 N/A        CSCvi01445 CSCvi96522 CSCvi96525 CSCvi96526
    NX-OS Software  CSCvi92130 CSCvh20389            CSCvh20027 CSCvi91985 CSCvi92128 ^2
    Command                                          CSCvi96524                       CSCvi92129
    Injection                                        CSCvi92126                       ^2
    Vulnerabilities
    (CVE-2019-1781,
    CVE-2019-1782)
    Cisco NX-OS     N/A        CSCvi42281 N/A        N/A        N/A        CSCvj03966 N/A
    Software                   ^1
    Command
    Injection
    Vulnerability
    (CVE-2019-1783)
    Cisco NX-OS     N/A        CSCvi42292 N/A        N/A        N/A        CSCvj12273 CSCvj12274
    Software                   ^1                                                     ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1784)
    Cisco NX-OS     N/A        CSCvh20112 N/A        CSCvh20096 CSCvi96504 CSCvi96509 CSCvi96510
    Software                                                                          ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1790)
    Cisco NX-OS     N/A        CSCvj63667 N/A        CSCvj63270 CSCvk50889 CSCvk50876 N/A
    Software                                         CSCvk50873
    Command
    Injection
    Vulnerability
    (CVE-2019-1791)
    Cisco FXOS and  CSCvh66259 CSCvh20359 CSCvh66257 CSCvh20029 CSCvh66202 CSCvh66214 CSCvh66243
    NX-OS Software                        CSCvk30761 CSCvh66219                       ^2
    Command
    Injection
    Vulnerability
    (CVE-2019-1795)

    1. CSCvh75867, CSCvi42281, and CSCvi42292 apply to only Nexus 7000 Series
    and Nexus 7700 Series Switches. The MDS 9000 Series Multilayer Switches are
    not affected by these vulnerabilities.
    2. CSCvk52975 applies to UCS 6200, 6300, and 6400. For all other UCS
    defects, only UCS 6200 and 6300 are affected (and UCS 6400 is not
    affected).

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    No upgrade action is necessary for products that are running Cisco NX-OS
    Software for cases in which customers have already applied a recommended
    Cisco NX-OS Software release to address the March 2019 Cisco FXOS and NX-OS
    Software bundle. See Cisco Event Response: March 2019 Cisco FXOS and NX-OS
    Software Security Advisory Bundled Publication for a list of advisories in
    the bundle.

    Customers who have not applied a recommended release to address the March
    2019 bundle or who have devices that are running Cisco FXOS software are
    advised to upgrade to an appropriate release as indicated in the applicable
    table in this section. In the following tables, the left column lists Cisco
    FXOS and NX-OS Software releases. The right column indicates the first
    release that includes the fix for this vulnerability.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvi92332

    Cisco FXOS Software Release   First Fixed Release for This Vulnerability
    Prior to 2.3                  2.3.1.130
    2.3                           2.3.1.130
    2.4                           2.4.1.122

    MDS 9000 Series Multilayer Switches: CSCvi01440

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    5.2                            6.2(25)
    6.2                            6.2(25)
    7.3                            8.1(1b)
    8.1                            8.1(1b)
    8.2                            8.2(3)
    8.3                            8.3(1)

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvi01431

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.0(3)I4              7.0(3)I4(9)
    7.0(3)I4                       7.0(3)I4(9)
    7.0(3)I7                       7.0(3)I7(4)
    9.2(1)                         Not vulnerable

    Nexus 3500 Platform Switches: CSCvi92328

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.0(2)A8              6.0(2)A8(11)
    6.0(2)A8                       6.0(2)A8(11)
    7.0(3)I4                       7.0(3)I4(9)
    7.0(3)I7                       7.0(3)I7(4)
    9.2                            Not vulnerable

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform: 
    CSCvi92326

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    7.0(3)                         7.0(3)F3(5)
    9.2                            Not vulnerable

    Nexus 5500 and 5600 Platform Switches and 6000 Series Switches: CSCvi92329

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.3                   7.3(3)N1(1)
    7.3                            7.3(3)N1(1)

    Nexus 7000 and 7700 Series Switches: CSCvi01440

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.2                   6.2(22)
    6.2                            6.2(22)
    7.2                            7.3(3)D1(1)
    7.3                            7.3(3)D1(1)
    8.0                            8.2(3)
    8.1                            8.2(3)
    8.2                            8.2(3)
    8.3                            8.3(1)


    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

        Cisco MDS Series Switches
        Cisco Nexus 1000V for VMware Switch
        Cisco Nexus 3000 Series and 3500 Series Switches
        Cisco Nexus 5000 Series Switches
        Cisco Nexus 5500 Platform Switches
        Cisco Nexus 6000 Series Switches
        Cisco Nexus 7000 Series Switches
        Cisco Nexus 9000 Series Switches
        Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-fxos-cmdinj-1780

Revision History

  o +---------+-----------------------------+----------+--------+-------------+
    | Version |         Description         | Section  | Status |    Date     |
    +---------+-----------------------------+----------+--------+-------------+
    |         | Updated the Nexus 3000      |          |        |             |
    | 1.1     | Series Switches and Nexus   | Fixed    | Final  | 2019-May-21 |
    |         | 9000 Series Switches Fixed  | Software |        |             |
    |         | Release Table.              |          |        |             |
    +---------+-----------------------------+----------+--------+-------------+
    | 1.0     | Initial public release.     | -        | Final  | 2019-May-15 |
    +---------+-----------------------------+----------+--------+-------------+

- -------------------------------------------------------------------------------

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)

Priority:        Medium

Advisory ID:     cisco-sa-20190515-nxos-cmdinj-1795

First Published: 2019 May 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvh20029 CSCvh20359 CSCvh66202 CSCvh66214
                 CSCvh66219 CSCvh66243 CSCvh66257 CSCvh66259
                 CSCvk30761

CVE-2019-1795    

CWE-77

CVSS Score:
6.7  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software
    could allow an authenticated, local attacker to execute arbitrary commands
    on the underlying Linux operating system with the privilege level of root.

    The vulnerability is due to insufficient validation of arguments passed to
    a specific CLI command on the affected device. An attacker could exploit
    this vulnerability by including malicious input as the argument of an
    affected command. A successful exploit could allow the attacker to execute
    arbitrary commands on the underlying Linux operating system with elevated
    privileges. An attacker would need valid administrator credentials to
    exploit this vulnerability.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-cmdinj-1795

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco FXOS or NX-OS Software:

       Firepower 4100 Series
       Firepower 9300 Security Appliances
       MDS 9000 Series Multilayer Switches
       Nexus 1000V Switch for Microsoft Hyper-V
       Nexus 1000V Switch for VMware vSphere
       Nexus 3000 Series Switches
       Nexus 3500 Platform Switches
       Nexus 3600 Platform Switches
       Nexus 5500 Platform Switches
       Nexus 5600 Platform Switches
       Nexus 6000 Series Switches
       Nexus 7000 Series Switches
       Nexus 7700 Series Switches
       Nexus 9000 Series Switches in standalone NX-OS mode
       Nexus 9500 R-Series Switching Platform
       UCS 6200 Series Fabric Interconnects
       UCS 6300 Series Fabric Interconnects

    For information about which Cisco FXOS and NX-OS Software releases are
    vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Firepower 2100 Series
       Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
        (ACI) mode
       UCS 6400 Series Fabric Interconnects

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    No upgrade action is necessary for customers who have already applied a
    recommended release to address the March 2019 Cisco FXOS and NX-OS Software
    bundle. See Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software
    Security Advisory Bundled Publication for a list of advisories in the
    bundle.

    Customers who have not applied a recommended release to address the March
    2019 bundle are advised to upgrade to an appropriate release as indicated
    in the applicable table in this section. In the following tables, the left
    column lists Cisco FXOS and NX-OS Software releases. The right column
    indicates the first release that includes the fix for this vulnerability.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvh66259

    Cisco FXOS Software Release   First Fixed Release for This Vulnerability
    Prior to 2.0                  2.0.1.201
    2.0                           2.0.1.201
    2.1                           2.2.2.54
    2.2                           2.2.2.54
    2.3                           2.3.1.73
    2.4                           2.4.1.101

    MDS 9000 Series Multilayer Switches: CSCvh20359

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 8.2                   8.2(3)
    8.2                            8.2(3)
    8.3                            8.3(1)

    Nexus 1000V Switch for Microsoft Hyper-V: CSCvk30761

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 5.2                   No fix available
    5.2                            No fix available

    Nexus 1000V Switch for VMware vSphere: CSCvh66257

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 5.2                   5.2(1)SV3(4.1)
    5.2                            5.2(1)SV3(4.1)

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvh20029

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.0(3)I4              7.0(3)I4(8)
    7.0(3)I4                       7.0(3)I4(8)
    7.0(3)I7                       7.0(3)I7(3)
    9.2(1)                         Not vulnerable

    Nexus 3500 Platform Switches: CSCvh66219

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.0(2)A8              6.0(2)A8(11)
    6.0(2)A8                       6.0(2)A8(11)
    7.0(3)I4                       7.0(3)I4(8)
    7.0(3)I7                       7.0(3)I7(3)
    9.2                            Not vulnerable

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform:
    CSCvh66202

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    7.0(3)                         7.0(3)F3(5)
    9.2                            Not vulnerable

    Nexus 5500, 5600, and 6000 Series Switches: CSCvh66214

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.3                   7.3(4)N1(1)
    7.3                            7.3(4)N1(1)

    Nexus 7000 and 7700 Series Switches: CSCvh20359

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.2                   6.2(22)
    6.2                            6.2(22)
    7.2                            7.3(2)D1(3)
    7.3                            7.3(3)D1(1)
    8.0                            8.2(3)
    8.1                            8.2(3)
    8.2                            8.2(3)
    8.3                            8.3(1)

    UCS 6200 and 6300 Fabric Interconnects: CSCvh66243

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 3.2                   3.2(3a)
    3.2                            3.2(3a)
    4.0                            4.0(1a)
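
    As an added example (not part of the Cisco advisory or the AusCERT
    bulletin), the following Python script encodes three of the CVE-2019-1795
    Fixed Releases tables above and reports, for the release string a device
    shows, whether the table lists it as not vulnerable, already fixed, in need
    of the first fixed release, or without a fix. The reading of the NX-OS
    release notation (for example 7.0(3)I4(8)) and the sample inventory are
    assumptions of the example, not Cisco's specification.

```python
"""Check a reported FXOS/NX-OS release against an advisory's Fixed Releases table."""
import re
from typing import List, Optional, Tuple

# A release is a list of (number, letter-suffix) components; Python compares such
# lists lexicographically, which matches how the tables order releases in a train.
Component = Tuple[int, str]
Version = List[Component]

# Assumed shape of the NX-OS notation: major.minor(maintenance[letter])[Platform#](rebuild)
# e.g. 6.2(22), 8.1(1b), 7.0(3)I4(8a), 5.2(1)SV3(4.1). This is the example's reading
# of the strings in the tables, not a Cisco specification.
_NXOS = re.compile(
    r"(\d+)\.(\d+)"             # major.minor
    r"(?:\((\d+)([a-z]?)\))?"   # (maintenance, optional letter)
    r"(?:([A-Z]+)(\d+))?"       # platform designator: I4, A8, N1, D1, F3, SV3
    r"(?:\(([0-9a-z.]+)\))?"    # (rebuild): 8, 8a, 4.1
)
_DOTTED = re.compile(r"\d+(?:\.\d+)+")       # FXOS notation, e.g. 2.3.1.73
_PRIOR = re.compile(r"Prior (?:to )?(.+)")   # "Prior to X" table rows

NOT_VULNERABLE = "Not vulnerable"
NO_FIX = "No fix available"


def _component(text: str) -> Component:
    m = re.fullmatch(r"(\d+)([a-z]*)", text)
    if not m:
        raise ValueError(f"bad version component: {text!r}")
    return (int(m.group(1)), m.group(2))


def parse_version(text: str) -> Version:
    """Turn a release string into comparable components."""
    text = text.strip()
    m = _NXOS.fullmatch(text)
    if m:
        major, minor, maint, suffix, platform, pnum, rebuild = m.groups()
        comps = [(int(major), ""), (int(minor), "")]
        if maint is not None:
            comps.append((int(maint), suffix))
        if platform is not None:
            comps.append((int(pnum), platform))
        if rebuild is not None:
            comps.extend(_component(p) for p in rebuild.split("."))
        return comps
    if _DOTTED.fullmatch(text):
        return [(int(p), "") for p in text.split(".")]
    raise ValueError(f"unrecognised release string: {text!r}")


# Rows copied from the CVE-2019-1795 Fixed Releases tables above:
# (release the device runs, first fixed release).
FXOS_CSCvh66259 = [
    ("Prior to 2.0", "2.0.1.201"), ("2.0", "2.0.1.201"),
    ("2.1", "2.2.2.54"), ("2.2", "2.2.2.54"),
    ("2.3", "2.3.1.73"), ("2.4", "2.4.1.101"),
]
N3K_N9K_CSCvh20029 = [
    ("Prior to 7.0(3)I4", "7.0(3)I4(8)"), ("7.0(3)I4", "7.0(3)I4(8)"),
    ("7.0(3)I7", "7.0(3)I7(3)"), ("9.2(1)", NOT_VULNERABLE),
]
N1000V_HYPERV_CSCvk30761 = [("Prior to 5.2", NO_FIX), ("5.2", NO_FIX)]


def _verdict(run: Version, fixed: str) -> Tuple[str, Optional[str]]:
    if fixed == NOT_VULNERABLE:
        return ("not vulnerable", None)
    if fixed == NO_FIX:
        return ("no fix available", None)
    return ("fixed" if run >= parse_version(fixed) else "vulnerable", fixed)


def assess(running: str, table: List[Tuple[str, str]]) -> Tuple[str, Optional[str]]:
    """Return (status, first fixed release); status is 'not vulnerable', 'fixed',
    'vulnerable', 'no fix available', or 'unknown' when no row covers the release."""
    run = parse_version(running)
    prior: Optional[Tuple[Version, str]] = None
    for release, fixed in table:
        m = _PRIOR.fullmatch(release)
        if m:  # a "Prior to X" row applies only when no train row matches
            prior = (parse_version(m.group(1)), fixed)
            continue
        row = parse_version(release)
        if run[:len(row)] == row:  # the row names the train the device runs
            return _verdict(run, fixed)
    if prior is not None and run < prior[0]:
        return _verdict(run, prior[1])
    return ("unknown", None)  # not covered by this table: consult Cisco


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and releases are made up).
    inventory = [
        ("fp9300-edge", "2.3.1.73", FXOS_CSCvh66259),
        ("n9k-core-1", "7.0(3)I4(7)", N3K_N9K_CSCvh20029),
        ("n9k-core-2", "7.0(3)I2(2e)", N3K_N9K_CSCvh20029),
        ("n1kv-hyperv", "5.2(1)SM3(2.1)", N1000V_HYPERV_CSCvk30761),
    ]
    for host, release, table in inventory:
        status, fixed = assess(release, table)
        hint = f" -> upgrade to {fixed}" if status == "vulnerable" else ""
        print(f"{host:12} {release:15} {status}{hint}")
```

    A release that falls outside every row (for example 9.2(2) against a table
    that only lists 9.2(1)) is reported as unknown rather than guessed.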


    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

        Cisco MDS Series Switches
        Cisco Nexus 1000V for VMware Switch
        Cisco Nexus 3000 Series and 3500 Series Switches
        Cisco Nexus 5000 Series Switches
        Cisco Nexus 5500 Platform Switches
        Cisco Nexus 6000 Series Switches
        Cisco Nexus 7000 Series Switches
        Cisco Nexus 9000 Series Switches
        Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-cmdinj-1795

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2019-May-15  |
    +----------+---------------------------+----------+--------+--------------+

- -------------------------------------------------------------------------------

Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-20190515-nxos-conf-bypass

First Published: 2019 May 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

CVE-2019-1728    

CWE-347

CVSS Score:
6.7  AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Secure Configuration Validation functionality of
    Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated,
    local attacker to run arbitrary commands at system boot time with the
    privileges of root.

    The vulnerability is due to a lack of proper validation of system files
    when the persistent configuration information is read from the file system.
    An attacker could exploit this vulnerability by authenticating to the
    device and overwriting the persistent configuration storage with malicious
    executable files. An exploit could allow the attacker to run arbitrary
    commands at system startup and those commands will run as the root user.
    The attacker must have valid administrative credentials for the device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-conf-bypass

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco FXOS or NX-OS Software:

       Firepower 4100 Series
       Firepower 9300 Security Appliances
       MDS 9000 Series Multilayer Switches
       Nexus 3000 Series Switches
       Nexus 3500 Platform Switches
       Nexus 3600 Platform Switches
       Nexus 5500 Platform Switches
       Nexus 5600 Platform Switches
       Nexus 6000 Series Switches
       Nexus 7000 Series Switches
       Nexus 7700 Series Switches
       Nexus 9000 Series Switches in standalone NX-OS mode
       Nexus 9500 R-Series Switching Platform
       UCS 6200 Series Fabric Interconnects
       UCS 6300 Series Fabric Interconnects

    For information about which Cisco FXOS or NX-OS Software releases are
    vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Firepower 2100 Series
       Nexus 1000V Switch for Microsoft Hyper-V
       Nexus 1000V Switch for VMware vSphere
       Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
        (ACI) mode
       UCS 6400 Series Fabric Interconnects

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    No upgrade action is necessary for customers who have already applied a
    recommended release to address the March 2019 Cisco FXOS and NX-OS Software
    bundle. See Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software
    Security Advisory Bundled Publication for a list of advisories in the
    bundle.

    Customers who have not applied a recommended release to address the March
    2019 bundle are advised to upgrade to an appropriate release as indicated
    in the applicable table in this section. In the following tables, the left
    column lists Cisco FXOS and NX-OS Software releases. The right column
    indicates the first release that includes the fix for this vulnerability.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvi96584

    Cisco FXOS Software Release   First Fixed Release for This Vulnerability
    Prior to 2.4                  2.4.1.101
    2.4                           2.4.1.101

    MDS 9000 Series Multilayer Switches: CSCvi96578

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 8.1                   8.1(1b)
    8.1                            8.1(1b)
    8.2                            8.3(1)
    8.3                            8.3(1)

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvh20223

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.0(3)I7              7.0(3)I7(3)
    7.0(3)I7                       7.0(3)I7(3)
    9.2(1)                         Not vulnerable

    Nexus 3500 Platform Switches: CSCvi96579

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.0(2)A8              6.0(2)A8(11)
    6.0(2)A8                       6.0(2)A8(11)
    7.0(3)                         7.0(3)I7(3)
    9.2                            Not vulnerable

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform:
    CSCvi96577

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    7.0(3)                         7.0(3)F3(5)
    9.2                            Not vulnerable

    Nexus 5500, 5600, and 6000 Series Switches: CSCvi96580

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.3                   7.3(4)N1(1)
    7.3                            7.3(4)N1(1)

    Nexus 7000 and 7700 Series Switches: CSCvi96578

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.2                   6.2(22)
    6.2                            6.2(22)
    7.2                            7.3(3)D1(1)
    7.3                            7.3(3)D1(1)
    8.0                            8.3(1)
    8.1                            8.3(1)
    8.2                            8.3(1)
    8.3                            8.3(1)

    UCS 6200 and 6300 Series Fabric Interconnects: CSCvi96583

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 4.0                   4.0(1a)
    4.0                            4.0(1a)
    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

        Cisco MDS Series Switches
        Cisco Nexus 1000V for VMware Switch
        Cisco Nexus 3000 Series and 3500 Series Switches
        Cisco Nexus 5000 Series Switches
        Cisco Nexus 5500 Platform Switches
        Cisco Nexus 6000 Series Switches
        Cisco Nexus 7000 Series Switches
        Cisco Nexus 9000 Series Switches
        Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-conf-bypass

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2019-May-15  |
    +----------+---------------------------+----------+--------+--------------+

- -------------------------------------------------------------------------------

Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure
Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-20190515-nxos-fxos-info

First Published: 2019 May 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

CVE-2019-1734    

CWE-200

CVSS Score:
5.5  AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the implementation of a CLI diagnostic command in Cisco
    FXOS Software and Cisco NX-OS Software could allow an authenticated, local
    attacker to view sensitive system files that should be restricted. The
    attacker could use this information to conduct additional reconnaissance
    attacks.

    The vulnerability is due to incomplete role-based access control (RBAC)
    verification. An attacker could exploit this vulnerability by
    authenticating to the device and issuing a specific CLI diagnostic command
    with crafted user-input parameters. An exploit could allow the attacker to
    perform an arbitrary read of a file on the device, and the file may contain
    sensitive information. The attacker needs valid device credentials to
    exploit this vulnerability.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-fxos-info

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco FXOS or NX-OS Software:

       Firepower 4100 Series
       Firepower 9300 Security Appliances
       MDS 9000 Series Multilayer Switches
       Nexus 3000 Series Switches
       Nexus 3500 Platform Switches
       Nexus 3600 Platform Switches
       Nexus 5500 Platform Switches
       Nexus 5600 Platform Switches
       Nexus 6000 Series Switches
       Nexus 7000 Series Switches
       Nexus 7700 Series Switches
       Nexus 9000 Series Switches in standalone NX-OS mode
       Nexus 9500 R-Series Switching Platform
       UCS 6200 Series Fabric Interconnects
       UCS 6300 Series Fabric Interconnects

    For information about which Cisco FXOS and NX-OS Software releases are
    vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Firepower 2100 Series
       Nexus 1000V Switch for Microsoft Hyper-V
       Nexus 1000V Switch for VMware vSphere
       Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
        (ACI) mode
       UCS 6400 Series Fabric Interconnects

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    No upgrade action is necessary for products that are running Cisco NX-OS
    Software for cases in which customers have already applied a recommended
    Cisco NX-OS Software release to address the March 2019 Cisco FXOS and NX-OS
    Software bundle. See Cisco Event Response: March 2019 Cisco FXOS and NX-OS
    Software Security Advisory Bundled Publication for a list of advisories in
    the bundle.

    Customers who have not applied a recommended release to address the March
    2019 bundle or who have devices that are running Cisco FXOS software are
    advised to upgrade to an appropriate release as indicated in the applicable
    table in this section. In the following tables, the left column lists Cisco
    FXOS and NX-OS Software releases. The right column indicates the first
    release that includes the fix for this vulnerability.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvk50816

    Cisco FXOS Software Release   First Fixed Release for This Vulnerability
    Prior to 2.2                  2.2.2.91
    2.2                           2.2.2.91
    2.3                           2.3.1.111
    2.4                           2.4.1.101

    MDS 9000 Series Multilayer Switches: CSCvk50808

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.2                   6.2(7)
    6.2                            6.2(7)
    7.3                            Not vulnerable
    8.1                            Not vulnerable
    8.2                            Not vulnerable
    8.3                            Not vulnerable

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvj59436

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.0(3)I4              7.0(3)I4(9)
    7.0(3)I4                       7.0(3)I4(9)
    7.0(3)I7                       7.0(3)I7(6)
    9.2(1)                         Not vulnerable

    Nexus 3500 Platform Switches: CSCvk50810

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.0(2)A               6.0(2)A4(1)
    6.0(2)A                        6.0(2)A4(1)
    7.0(3)I4                       7.0(3)I4(9)
    7.0(3)I7                       7.0(3)I7(6)
    9.2                            Not vulnerable

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform:
    CSCvk50838

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    7.0(3)                         7.0(3)F3(5)
    9.2                            Not vulnerable

    Nexus 5500, 5600, and 6000 Series Switches: CSCvj59436

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.1                   7.1(4)N1(1)
    7.1                            7.1(4)N1(1)
    7.2                            7.3(0)N1(1)
    7.3                            7.3(0)N1(1)

    Nexus 7000 and 7700 Series Switches: CSCvk50808

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.2                   6.2(6)
    6.2                            6.2(6)
    7.2                            Not vulnerable
    7.3                            Not vulnerable
    8.0                            Not vulnerable
    8.1                            Not vulnerable
    8.2                            Not vulnerable
    8.3                            Not vulnerable

    UCS 6200 and 6300 Fabric Interconnects: CSCvk50814

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 4.0                   4.0(1a)
    4.0                            4.0(1a)
    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

        Cisco MDS Series Switches
        Cisco Nexus 1000V for VMware Switch
        Cisco Nexus 3000 Series and 3500 Series Switches
        Cisco Nexus 5000 Series Switches
        Cisco Nexus 5500 Platform Switches
        Cisco Nexus 6000 Series Switches
        Cisco Nexus 7000 Series Switches
        Cisco Nexus 9000 Series Switches
        Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-fxos-info

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2019-May-15  |
    +----------+---------------------------+----------+--------+--------------+

- -------------------------------------------------------------------------------

Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of
Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190515-nxos-snmp-dos

First Published: 2019 May 15 16:00 GMT

Last Updated:    2019 May 16 13:48 GMT

Version 1.1:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvc58707 CSCvd45657 CSCvn19457 CSCvn19463
                 CSCvn19464 CSCvn19465 CSCvn19468 CSCvn19483

CVE-2019-1858    

CWE-20

CVSS Score:
8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Simple Network Management Protocol (SNMP) input
    packet processor of Cisco FXOS Software and Cisco NX-OS Software could
    allow an unauthenticated, remote attacker to cause the SNMP application to
    leak system memory, which could cause an affected device to restart
    unexpectedly.

    The vulnerability is due to improper error handling when processing inbound
    SNMP packets. An attacker could exploit this vulnerability by sending
    multiple crafted SNMP packets to an affected device. A successful exploit
    could allow the attacker to cause the SNMP application to leak system
    memory because of an improperly handled error condition during packet
    processing. Over time, this memory leak could cause the SNMP application to
    restart multiple times, leading to a system-level restart and a denial of
    service (DoS) condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-snmp-dos

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco FXOS or NX-OS Software:

       Firepower 4100 Series
       Firepower 9300 Security Appliances
       MDS 9000 Series Multilayer Switches
       Nexus 1000V Switch for Microsoft Hyper-V
       Nexus 1000V Switch for VMware vSphere
       Nexus 3000 Series Switches
       Nexus 3500 Platform Switches
       Nexus 5500 Platform Switches
       Nexus 5600 Platform Switches
       Nexus 6000 Series Switches
       Nexus 7000 Series Switches
       Nexus 7700 Series Switches
       Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
        (ACI) mode
       Nexus 9000 Series Switches in standalone NX-OS mode
       Nexus 9500 R-Series Switching Platform

    Determining the Status of SNMP

    Administrators can determine whether SNMP is running on a device by using
    the show running-config snmp command in the device CLI. If the command
    returns output, SNMP is configured.

        nxos-switch# show running-config snmp
        .
        .
        .

        snmp-server user admin network-admin auth md5 ***** priv ***** localizedkey
        snmp-server community community-string group network-admin

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Firepower 2100 Series
       Nexus 3600 Platform Switches
       UCS 6200 Series Fabric Interconnects
       UCS 6300 Series Fabric Interconnects
       UCS 6400 Series Fabric Interconnects

Details

  o SNMP is an application-layer protocol that provides a standardized
    framework and a common language for monitoring and managing devices in a
    network. It defines a message format for communication between SNMP
    managers and agents.

    An SNMP agent gathers data from the SNMP MIB, which is the repository of
    information about device parameters and network data. It also responds to
    requests from an SNMP manager to get or set data. An SNMP agent contains
    MIB variables for which values can be requested or changed by an SNMP
    manager by using get or set operations.

    This vulnerability affects all versions of SNMP supported on the device:
    Versions 1, 2c, and 3. An attacker could exploit this vulnerability
    by sending a specific SNMP packet to an affected device via IPv4 or IPv6.
    Only traffic directed to the affected system can be used to exploit this
    vulnerability.

    To exploit this vulnerability, the attacker does not always require valid
    SNMP credentials for the affected system.

Indicators of Compromise

  o Exploitation of this vulnerability could result in the following system log
    error message:

        %SYSMGR-2-SERVICE_CRASHED: Service "snmpd" (PID 25407) hasn't caught signal 6 (core will be saved).

    In addition, there would be an snmpd core file on the device, which can be
    viewed by using the show cores CLI command. If the snmpd core file is
    present, customers are advised to contact the Cisco Technical Assistance
    Center (TAC) to review the file and determine whether the vulnerability has
    been exploited on the device.

        # show cores
        VDC  Module  Instance  Process-name     PID       Date(Year-Month-Day Time)
        ---  ------  --------  ---------------  --------  -------------------------
        1    28      1         snmpd            25407     2017-03-07 14:15:23
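
    The two indicators above can be checked mechanically from captured
    syslog text and saved show cores output. The following Python script is
    an added example, not part of the Cisco advisory or Cisco's tooling: it
    matches the %SYSMGR-2-SERVICE_CRASHED message for snmpd, parses show
    cores output in the column layout shown above, cross-checks PIDs between
    the two sources, and flags repeated snmpd crashes, which the advisory
    describes as the path to a system-level restart. The sample log lines,
    PIDs and timestamps are constructed, and the repeat threshold is an
    assumption.

```python
"""Check NX-OS/FXOS syslog text and 'show cores' output for the snmpd crash
indicators the advisory lists, and flag repeated snmpd restarts.

Added example, not Cisco's code. The log lines and core table are
constructed samples modelled on the advisory's excerpts; PIDs, timestamps
and the repeat threshold are assumptions.
"""
import re
from typing import Dict, List

# Constructed syslog excerpt: two snmpd crashes, one unrelated crash, noise.
SAMPLE_SYSLOG = """\
2019 May 15 10:01:12 nxos-switch %SYSMGR-2-SERVICE_CRASHED: Service "snmpd" (PID 25407) hasn't caught signal 6 (core will be saved).
2019 May 15 10:01:15 nxos-switch %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on 192.168.1.2@pts/0
2019 May 15 10:09:44 nxos-switch %SYSMGR-2-SERVICE_CRASHED: Service "snmpd" (PID 26110) hasn't caught signal 6 (core will be saved).
2019 May 15 10:12:03 nxos-switch %SYSMGR-2-SERVICE_CRASHED: Service "ntpd" (PID 4120) hasn't caught signal 11 (core will be saved).
"""

# Constructed 'show cores' output in the column layout the advisory shows.
SAMPLE_SHOW_CORES = """\
VDC  Module  Instance  Process-name     PID       Date(Year-Month-Day Time)
---  ------  --------  ---------------  --------  -------------------------
1    28      1         snmpd            25407     2019-05-15 10:01:12
1    28      1         snmpd            26110     2019-05-15 10:09:44
1    1       1         ntpd             4120      2019-05-15 10:12:03
"""

CRASH_RE = re.compile(
    r'%SYSMGR-2-SERVICE_CRASHED: Service "(?P<service>[^"]+)" '
    r"\(PID (?P<pid>\d+)\) hasn't caught signal (?P<signal>\d+)"
)
CORE_COLUMNS = ("vdc", "module", "instance", "process", "pid", "date")


def find_service_crashes(log_text: str, service: str = "snmpd") -> List[Dict[str, str]]:
    """One record per SERVICE_CRASHED message naming the given service."""
    hits = []
    for line in log_text.splitlines():
        m = CRASH_RE.search(line)
        if m and m.group("service") == service:
            hits.append({"pid": m.group("pid"), "signal": m.group("signal"), "line": line})
    return hits


def parse_show_cores(output: str) -> List[Dict[str, str]]:
    """Parse 'show cores' rows; header and separator rows have no numeric VDC."""
    rows = []
    for line in output.splitlines():
        parts = line.split(None, 5)          # the date column keeps its inner space
        if len(parts) == 6 and parts[0].isdigit():
            rows.append(dict(zip(CORE_COLUMNS, parts)))
    return rows


def snmpd_core_files(output: str) -> List[Dict[str, str]]:
    """Core files written by snmpd, the artifact the advisory says to give TAC."""
    return [r for r in parse_show_cores(output) if r["process"] == "snmpd"]


def corroborated_snmpd_pids(log_text: str, cores_output: str) -> List[str]:
    """PIDs seen both in a SERVICE_CRASHED message and as an snmpd core file."""
    logged = {c["pid"] for c in find_service_crashes(log_text, "snmpd")}
    dumped = {c["pid"] for c in snmpd_core_files(cores_output)}
    return sorted(logged & dumped, key=int)


def repeated_snmpd_restarts(log_text: str, threshold: int = 2) -> bool:
    """The advisory describes snmpd restarting several times before the whole
    system reloads; flag once the crash count reaches the (assumed) threshold."""
    return len(find_service_crashes(log_text, "snmpd")) >= threshold


if __name__ == "__main__":
    for hit in find_service_crashes(SAMPLE_SYSLOG):
        print("snmpd crash, PID", hit["pid"], "signal", hit["signal"])
    print("corroborated PIDs:", corroborated_snmpd_pids(SAMPLE_SYSLOG, SAMPLE_SHOW_CORES))
    print("repeated restarts:", repeated_snmpd_restarts(SAMPLE_SYSLOG))
```

    A single snmpd crash can have unrelated causes, which is why the script
    keeps the raw line and cross-checks against show cores rather than
    alerting on the message alone; as the advisory says, the core file itself
    is what TAC needs to decide whether this vulnerability was exploited.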

Workarounds

  o There are no workarounds that address this vulnerability.

    As a mitigation for the vulnerability that is described in this advisory,
    administrators can configure an access control list (ACL) on an SNMP
    community to filter incoming SNMP requests to ensure that SNMP polling is
    performed only by trusted SNMP clients. In the following example, the
    device will accept incoming SNMP requests only from a single trusted host,
    192.168.1.2:

    switch# show access-list acl_for_snmp
    IPV4 ACL acl_for_snmp
      10 permit udp 192.168.1.2/32 192.168.1.3/32 eq snmp

    To implement the preceding ACL, administrators can add it to the
    snmp-server community configuration command:

    switch# show running-config snmp
    !Command: show running-config snmp
    snmp-server community mycompany
     use-acl acl_for_snmp

    For additional information about configuring ACLs to filter incoming SNMP
    requests, see Filtering SNMP Requests in the NX-OS Configuration Guide.
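
    Both the status check in the Affected Products section (show
    running-config snmp returning output) and the use-acl mitigation above
    can be audited from saved configuration text. The following Python script
    is an added example, not Cisco's code: it reports whether any snmp-server
    configuration is present and lists the communities that have no use-acl
    bound, which are the ones still reachable from any source. The
    configuration sample, community names and ACL name are constructed;
    accepting use-acl either on the community line itself or on an indented
    continuation line, as the excerpt above renders it, is an assumption
    about the output format.

```python
"""Audit saved 'show running-config snmp' output: is SNMP configured, and
which communities lack the use-acl restriction the advisory recommends?

Added example, not Cisco's code. SAMPLE_SNMP_CONFIG is constructed; the
community names and ACL name are made up. Accepting 'use-acl' on the
community line or on an indented continuation line is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: three communities, only 'mycompany' is restricted.
SAMPLE_SNMP_CONFIG = """\
!Command: show running-config snmp
snmp-server user admin network-admin auth md5 ***** priv ***** localizedkey
snmp-server community mycompany
 use-acl acl_for_snmp
snmp-server community readonly-legacy group network-operator
snmp-server community public group network-operator
snmp-server host 192.168.1.2 traps version 2c mycompany
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(.*)$")
GROUP_RE = re.compile(r"\bgroup (\S+)")
USE_ACL_RE = re.compile(r"\buse-acl (\S+)")


@dataclass
class Community:
    name: str
    acl: Optional[str] = None          # name of the ACL bound with use-acl
    groups: List[str] = field(default_factory=list)


def snmp_configured(config_text: str) -> bool:
    """The advisory's test: any snmp-server line means SNMP is configured."""
    return any(line.startswith("snmp-server") for line in config_text.splitlines())


def parse_communities(config_text: str) -> Dict[str, Community]:
    """Collect communities by name, attaching group and use-acl settings.

    NX-OS may emit several 'snmp-server community <name> ...' lines for the
    same community, so settings are merged per name.
    """
    communities: Dict[str, Community] = {}
    current: Optional[Community] = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        match = COMMUNITY_RE.match(line)
        if match:
            name, rest = match.groups()
            current = communities.setdefault(name, Community(name))
            grp = GROUP_RE.search(rest)
            if grp:
                current.groups.append(grp.group(1))
            acl = USE_ACL_RE.search(rest)
            if acl:
                current.acl = acl.group(1)
        elif current is not None and line.startswith(" "):
            # Indented continuation line belongs to the preceding community.
            acl = USE_ACL_RE.search(line)
            if acl:
                current.acl = acl.group(1)
        else:
            current = None
    return communities


def unrestricted_communities(config_text: str) -> List[str]:
    """Communities that answer requests from any source: no use-acl bound."""
    return sorted(c.name for c in parse_communities(config_text).values()
                  if c.acl is None)


if __name__ == "__main__":
    print("SNMP configured:", snmp_configured(SAMPLE_SNMP_CONFIG))
    for name in unrestricted_communities(SAMPLE_SNMP_CONFIG):
        print("community without use-acl:", name)
```

    Feed the script the text captured from show running-config snmp on each
    device; an empty result from unrestricted_communities means every
    configured community is behind an ACL, which is the state the mitigation
    above aims for. The ACL itself should still be reviewed to confirm it
    permits only the intended management hosts, as in the acl_for_snmp
    example.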

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    No upgrade action is necessary for products that are running Cisco NX-OS
    Software for cases in which customers have already applied a recommended
    Cisco NX-OS Software release to address the March 2019 Cisco FXOS and NX-OS
    Software bundle. See Cisco Event Response: March 2019 Cisco FXOS and NX-OS
    Software Security Advisory Bundled Publication for a list of advisories in
    the bundle.

    Customers who have not applied a recommended release to address the March
    2019 bundle or who have devices that are running Cisco FXOS software are
    advised to upgrade to an appropriate release as indicated in the applicable
    table in this section. In the following tables, the left column lists Cisco
    FXOS and NX-OS Software releases. The right column indicates the first
    release that includes the fix for this vulnerability.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvn19468

    Cisco FXOS Software Release   First Fixed Release for This Vulnerability
    Prior to 2.2                  2.2.2.91
    2.2                           2.2.2.91
    2.3                           2.3.1.130
    2.4                           2.4.1.222
    2.6                           2.6.1.131

    MDS 9000 Series Multilayer Switches: CSCvc58707

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    5.2                            6.2(11)
    6.2                            6.2(11)
    8.1                            8.1(1)
    8.2                            Not vulnerable
    8.3                            Not vulnerable

    Nexus 1000V Switch for Microsoft Hyper-V: CSCvn19483

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 5.2                   5.2(1)SM3(2.1)
    5.2                            5.2(1)SM3(2.1)

    Nexus 1000V Switch for VMware vSphere: CSCvn19463

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 5.2                   5.2(1)SV3(4.1a)
    5.2                            5.2(1)SV3(4.1a)

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvd45657

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.0(3)I4              7.0(3)I4(8)
    7.0(3)I4                       7.0(3)I4(8)
    7.0(3)I7                       7.0(3)I7(2)
    9.2(1)                         Not vulnerable

    Nexus 3500 Platform Switches: CSCvn19464

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.0(2)A8              6.0(2)A8(4)
    6.0(2)A8                       6.0(2)A8(4)
    7.0(3)I7                       7.0(3)I7(2)
    9.2                            Not vulnerable

    Nexus 5500, 5600, and 6000 Series Switches: CSCvn19465

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 7.1                   7.1(5)N1(1b)
    7.1                            7.1(5)N1(1b)
    7.3                            7.3(4)N1(1a)

    Nexus 7000 and 7700 Series Switches: CSCvc58707

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 6.2                   6.2(10)
    6.2                            6.2(10)
    7.2                            7.2(0)D1(1)
    7.3                            Not vulnerable
    8.0                            8.1(1)
    8.1                            Not vulnerable
    8.2                            Not vulnerable
    8.3                            Not vulnerable

    Nexus 9000 Series Fabric Switches in ACI Mode: CSCvn19457

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    Prior to 13.1                  14.0(2c)
    13.1                           14.0(2c)
    13.2                           14.0(2c)
    14.0                           14.0(2c)
    14.1                           14.1(1i)

    Nexus 9500 R-Series Switching Platform: CSCvd45657

    Cisco NX-OS Software Release   First Fixed Release for This Vulnerability
    7.0(3)                         7.0(3)F3(1)
    9.2                            Not vulnerable
    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

        Cisco MDS Series Switches
        Cisco Nexus 1000V for VMware Switch
        Cisco Nexus 3000 Series and 3500 Series Switches
        Cisco Nexus 5000 Series Switches
        Cisco Nexus 5500 Platform Switches
        Cisco Nexus 6000 Series Switches
        Cisco Nexus 7000 Series Switches
        Cisco Nexus 9000 Series Switches
        Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190515-nxos-snmp-dos

Revision History

  o +---------+--------------------------+-------------+--------+-------------+
    | Version |       Description        |   Section   | Status |    Date     |
    +---------+--------------------------+-------------+--------+-------------+
    | 1.1     | Added mitigation.        | Workarounds | Final  | 2019-May-16 |
    +---------+--------------------------+-------------+--------+-------------+
    | 1.0     | Initial public release.  | -           | Final  | 2019-May-15 |
    +---------+--------------------------+-------------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----