Cisco Nexus Devices Python Subsystem Local Privilege Escalation Vulnerabilities

2015-06-30T22:03:04
ID CISCO-SA-20150630-CVE-2015-4234
Type cisco
Reporter Cisco
Modified 2015-06-30T22:01:07

Description

Multiple privilege escalation vulnerabilities in the Python subsystem of Cisco Nexus devices running Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges.

The vulnerabilities are due to insufficient hardening of the operating system on which NX-OS is based. An attacker who has sufficient privileges to execute arbitrary Python scripts on an affected device could use this access to obtain root privileges.

Cisco has confirmed the vulnerabilities; however, software updates are not available.

To exploit these vulnerabilities, an attacker must have local access and authenticate to the targeted device. These requirements could limit the possibility of a successful exploit.

Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.