Cisco Nexus 9000 Series Fabric Switches 输入验证错误漏洞

CNNVD-ID编号	CNNVD-201903-166
CVE编号	CVE-2019-1588
发布时间	2019-03-06
更新时间	2020-10-20
漏洞类型	输入验证错误
漏洞来源	Nicolas Biscos and Ga?tan Ferry from Synacktiv .,Nicolas Biscos and Ga??tan Ferry from Synacktiv
危险等级	中危
威胁类型	本地
厂商	N/A

漏洞介绍

Cisco Nexus 9000 Series Fabric Switches（处于Application-Centric Infrastructure (ACI)模式）中的NX-OS Software存在输入验证漏洞，该漏洞源于对用户提交的输入程序缺少输入和验证检查机制。本地攻击者可利用该漏洞在受影响设备上读取任意文件。

漏洞补丁

目前厂商已发布升级了Cisco Nexus 9000 Series Fabric Switches 输入验证错误漏洞的补丁，Cisco Nexus 9000 Series Fabric Switches 输入验证错误漏洞的补丁获取链接：

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read

参考网址

来源:Cisco Nexus 9000 Series Fabric Switches CVE-2019-1588 Arbitrary File Read VulnerabilityReferences: Cisco Homepage (Cisco )cisco-sa-20190306-aci-file-read: Cisco Nexus 9000 Series Fabric Switches Applica (Cisco)

链接：链接:无
来源:CISCO

链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-file-read
来源:BID

链接：https://www.securityfocus.com/bid/107316
来源:tools.cisco.com

链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-controller-privsec
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Cisco-NX-OS-Nexus-multiple-vulnerabilities-28681
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-1588
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/76638

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201903-166