Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Local
0

CVE-2019-12662

Disclosure Date: September 25, 2019
CVE-2019-12662 CVSS v3 Base Score: 6.7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.7 Medium
Impact Score:
5.9
Exploitability Score:
0.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Cisco NX-OS Software 6.0(2)A1(1) n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • cisco

Products

  • ios xe 16.8.1,
  • nexus 3016 firmware -,
  • nexus 3048 firmware -,
  • nexus 3064 firmware -,
  • nexus 3064-t firmware -,
  • nexus 31108pc-v firmware -,
  • nexus 31108tc-v firmware -,
  • nexus 31128pq firmware -,
  • nexus 3132c-z firmware -,
  • nexus 3132q firmware -,
  • nexus 3132q-v firmware -,
  • nexus 3132q-xl firmware -,
  • nexus 3164q firmware -,
  • nexus 3172 firmware -,
  • nexus 3172pq-xl firmware -,
  • nexus 3172tq firmware -,
  • nexus 3172tq-32t firmware -,
  • nexus 3172tq-xl firmware -,
  • nexus 3232c firmware -,
  • nexus 3264c-e firmware -,
  • nexus 3264q firmware -,
  • nexus 3408-s firmware -,
  • nexus 34180yc firmware -,
  • nexus 34200yc-sm firmware -,
  • nexus 3432d-s firmware -,
  • nexus 3464c firmware -,
  • nexus 3524 firmware -,
  • nexus 3524-x firmware -,
  • nexus 3524-xl firmware -,
  • nexus 3548 firmware -,
  • nexus 3548-x firmware -,
  • nexus 3548-xl firmware -,
  • nexus 5548p firmware -,
  • nexus 5548up firmware -,
  • nexus 5596t firmware -,
  • nexus 5596up firmware -,
  • nexus 56128p firmware -,
  • nexus 5624q firmware -,
  • nexus 5648q firmware -,
  • nexus 5672up firmware -,
  • nexus 5696q firmware -,
  • nexus 6001 firmware -,
  • nexus 6004 firmware -,
  • nexus 7000 10-slot firmware -,
  • nexus 7000 18-slot firmware -,
  • nexus 7000 4-slot firmware -,
  • nexus 7000 9-slot firmware -,
  • nexus 7700 10-slot firmware -,
  • nexus 7700 18-slot firmware -,
  • nexus 7700 2-slot firmware -,
  • nexus 7700 6-slot firmware -,
  • nx-os 8.1(0)bd(0.20),
  • nx-os 8.1(0.2)s0,
  • nx-os 8.1(1),
  • nx-os 8.1(1)s5

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis