The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Cisco NX-OS: privilege escalation via VMAN Command Injection

Synthesis of the vulnerability 

An attacker can bypass restrictions via VMAN Command Injection of Cisco NX-OS, in order to escalate his privileges.
Impacted software: Nexus by Cisco, NX-OS.
Severity of this computer vulnerability: 2/4.
Creation date: 26/09/2019.
Références of this announce: cisco-sa-20190925-nxos-vman-cmd-inj, CSCvk76030, CSCvo19193, CVE-2019-12717, VIGILANCE-VUL-30436.

Description of the vulnerability 

An attacker can bypass restrictions via VMAN Command Injection of Cisco NX-OS, in order to escalate his privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat impacts software or systems such as Nexus by Cisco, NX-OS.

Our Vigil@nce team determined that the severity of this computer vulnerability alert is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this cybersecurity weakness.

Solutions for this threat 

Cisco NX-OS: solution CSCvk76030 CSCvo19193.
The solution is described on the Cisco site:
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk76030
  https://tools.cisco.com/bugsearch/bug/CSCvk76030
  https://tools.cisco.com/quickview/bug/CSCvk76030
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo19193
  https://tools.cisco.com/bugsearch/bug/CSCvo19193
  https://tools.cisco.com/quickview/bug/CSCvo19193
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a software vulnerabilities database. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.