CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
15.7%
A vulnerability in the license installation module of Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands.
The vulnerability is due to a failure of the install license command to properly validate user-supplied input. An attacker could exploit this vulnerability by providing crafted arguments to the install license command.
Cisco has confirmed the vulnerability in a security notice and released software updates.
Only users who could access a device and authenticate with sufficient privileges to execute the vulnerable command could exploit this vulnerability. The access requirement greatly limits the sources of potential attacks.