Rewterz

Rewterz Threat Advisory – CVE-2019-1917 – Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

July 18, 2019
Rewterz

Rewterz Threat Advisory – CVE-2019-7590 – Johnson Controls exacqVision Server Vulnerability

July 19, 2019

Rewterz Threat Advisory – CVE-2019-1784 – Cisco NX-OS Software Command Injection Vulnerability

Severity

Medium

Analysis Summary

The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Impact

Execute arbitrary commands

Affected Vendors

Cisco

Affected Products

Cisco NX-OS

Remediation

Please see vendor’s advisory for more details

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.