How severe is CVE-2019-1602?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-1602?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2019-1602 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker could exploit this vulnerability by logging in to the CLI of an affected device, accessing a specific file, and leveraging this information to authenticate to the NX-API server. A successful exploit could allow an attacker to make configuration changes as administrator. Note: NX-API is disabled by default. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

Related Vulnerabilities

CVE-2008-1246

HIGH

CVSS:7.8(High)

The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holdi...

CWE-2642008

CVE-2010-2554

HIGH

CVSS:7.8(High)

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain ...

CWE-2642010

CVE-2013-3024

HIGH

CVSS:7.8(High)

IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.

CWE-2642013

CVE-2013-6876

HIGH

CVSS:7.8(High)

The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and ear...

CWE-2642013

CVE-2014-10070

HIGH

CVSS:7.8(High)

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, ...

CWE-2642014

CVE-2014-1226

HIGH

CVSS:7.8(High)

The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of ...

CWE-2642014