How severe is CVE-2019-1770?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2019-1770?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2019-1770 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

Related Vulnerabilities

CVE-2024-26023

MEDIUM

CVSS:4.2(Medium)

OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.

CWE-782024

CVE-2022-33955

MEDIUM

CVSS:4.3(Medium)

IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312.

CWE-782022

CVE-2024-31843

MEDIUM

CVSS:4.1(Medium)

An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users...

CWE-782024

CVE-2017-6602

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an auth...

CWE-782017

CVE-2024-20289

MEDIUM

CVSS:4.4(Medium)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.&...

CWE-782024

CVE-2025-47203

MEDIUM

CVSS:4.5(Medium)

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.

CWE-782025