CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
16.6%
A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands.
The vulnerability is due to a failure of the install all iso command to properly validate user-supplied input. An attacker could exploit this vulnerability by providing crafted arguments to the install all iso command.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker would need local access to the targeted device, which decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx_os | 4.2(1)sv1 | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1:*:*:*:*:*:*:* |
cisco | nx_os | 5.2(1)sm1 | cpe:2.3:o:cisco:nx_os:5.2\(1\)sm1:*:*:*:*:*:*:* |
cisco | nexus_1000v | any | cpe:2.3:h:cisco:nexus_1000v:any:*:*:*:*:nexus_1000v:*:* |
cisco | nx_os | 4.2(1)sv1(4) | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(4\):*:*:*:*:*:*:* |
cisco | nx_os | 4.2(1)sv1(4a) | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(4a\):*:*:*:*:*:*:* |
cisco | nx_os | 4.2(1)sv1(4b) | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(4b\):*:*:*:*:*:*:* |
cisco | nx_os | 4.2(1)sv1(5.1) | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.1\):*:*:*:*:*:*:* |
cisco | nx_os | 4.2(1)sv1(5.1a) | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.1a\):*:*:*:*:*:*:* |
cisco | nx_os | 4.2(1)sv1(5.2) | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.2\):*:*:*:*:*:*:* |
cisco | nx_os | 4.2(1)sv1(5.2b) | cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.2b\):*:*:*:*:*:*:* |