How severe is CVE-2019-1730?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2019-1730?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2019-1730

MEDIUM Year: 2019

CVSS v3 Score

6.0

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-264

View all →

Vulnerability Description

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account.

CVE-2024-20370

MEDIUM

CVSS:6.0(Medium)

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authe...

CWE-2642024

CVE-2015-3229

MEDIUM

CVSS:5.9(Medium)

fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.

CWE-2642015

CVE-2016-0812

MEDIUM

CVSS:6.1(Medium)

The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does no...

CWE-2642016

CVE-2016-0813

MEDIUM

CVSS:6.1(Medium)

packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device prov...

CWE-2642016

CVE-2016-2421

MEDIUM

CVSS:6.1(Medium)

Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified v...

CWE-2642016

CVE-2016-2423

MEDIUM

CVSS:6.1(Medium)

server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned,...

CWE-2642016

CVE-2019-1730

Vulnerability Description

Related Vulnerabilities

CVE-2024-20370

CVE-2015-3229

CVE-2016-0812

CVE-2016-0813

CVE-2016-2421

CVE-2016-2423