Lucene search

K
ciscoCiscoCISCO-SA-20171129-NXOS3
HistoryNov 29, 2017 - 4:00 p.m.

Cisco NX-OS System Software CLI Command Injection Vulnerability

2017-11-2916:00:00
tools.cisco.com
19
cisco nx-os
command injection
vulnerability
input validation
administrator credentials

EPSS

0

Percentile

5.1%

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit.

The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands as root.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3”]

Affected configurations

Vulners
Node
ciscocisco_nx-os_softwareMatchany
OR
ciscocisco_nx-os_softwareMatchany
VendorProductVersionCPE
ciscocisco_nx-os_softwareanycpe:2.3:a:cisco:cisco_nx-os_software:any:*:*:*:*:*:*:*

EPSS

0

Percentile

5.1%

Related for CISCO-SA-20171129-NXOS3