How severe is CVE-2019-1727?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2019-1727?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2019-1727

MEDIUM Year: 2019

CVSS v3 Score

4.2

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-264

View all →

Vulnerability Description

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.

CVE-2015-5233

MEDIUM

CVSS:4.2(Medium)

Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary ho...

CWE-2642015

CVE-2017-12266

MEDIUM

CVSS:4.2(Medium)

A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco...

CWE-2642017

CVE-2019-14879

MEDIUM

CVSS:4.2(Medium)

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoke...

CWE-2642019

CVE-2014-6276

MEDIUM

CVSS:4.3(Medium)

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing ...

CWE-2642014

CVE-2015-0861

MEDIUM

CVSS:4.3(Medium)

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write ...

CWE-2642015

CVE-2015-3273

MEDIUM

CVSS:4.3(Medium)

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated u...

CWE-2642015

CVE-2019-1727

Vulnerability Description

Related Vulnerabilities

CVE-2015-5233

CVE-2017-12266

CVE-2019-14879

CVE-2014-6276

CVE-2015-0861

CVE-2015-3273