Severity
Medium
Analysis Summary
The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.
Impact
- Execute arbitrary commands
Affected Vendors
Cisco
Affected Products
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 3500 Platform Switches
- Nexus 3600 Platform Switches
- Cisco Nexus 9000 Series Switches in standalone NX-OS mode
- Nexus 9500 R-Series Switching Platform
Remediation
The vendor has released updates for the following products.
For updates, visit the vendor’s advisory: