Lucene search

CiscoCISCO-SA-20180620-NX-OS-CLI-INJECTION

HistoryJun 20, 2018 - 4:00 p.m.

Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability

2018-06-2016:00:00

tools.cisco.com

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device.

The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges.

Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection”]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-67770”].

Affected configurations

Vulners

Node

cisconx-osMatch6.1nexus_9000_series

cisconx-osMatch6.0\(2\)n1nexus_9000_series

cisconx-osMatch6.0\(2\)n2nexus_9000_series

cisconx-osMatch6.1\(2\)i1nexus_9000_series

cisconx-osMatch6.1\(2\)i3nexus_9000_series

cisconx-osMatch7.0nexus_9000_series

cisconx-osMatch7.0\(2\)i2nexus_9000_series

cisconx-osMatch7.0\(2\)n1nexus_9000_series

cisconx-osMatch7.0\(6\)n1nexus_9000_series

cisconx-osMatch7.1\(0\)n1nexus_9000_series

cisconx-osMatch7.1\(3\)n1nexus_9000_series

cisconx-osMatch7.1\(4\)n1nexus_9000_series

cisconx-osMatch7.3\(1\)d1nexus_9000_series

cisconx-osMatch7.3\(1\)n1nexus_9000_series

cisconx-osMatch7.3\(2\)d1nexus_9000_series

cisconx-osMatch6.1\(3\)s6nexus_9000_series

cisconx-osMatch6.0\(2\)n1\(1\)nexus_9000_series

cisconx-osMatch6.0\(2\)n1\(2\)nexus_9000_series

cisconx-osMatch6.0\(2\)n1\(2a\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(1\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(1b\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(2\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(3\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(4\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(5\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(5a\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(6\)nexus_9000_series

cisconx-osMatch6.0\(2\)n2\(7\)nexus_9000_series

cisconx-osMatch6.1\(2\)i1\(1\)nexus_9000_series

cisconx-osMatch6.1\(2\)i3\(3.78\)nexus_9000_series

cisconx-osMatch6.1\(2\)i3\(3b\)nexus_9000_series

cisconx-osMatch7.0\(3\)nexus_9000_series

cisconx-osMatch7.0\(2\)i2\(2c\)nexus_9000_series

cisconx-osMatch7.0\(2\)n1\(1a\)nexus_9000_series

cisconx-osMatch7.0\(6\)n1\(1c\)nexus_9000_series

cisconx-osMatch7.1\(0\)n1\(2\)nexus_9000_series

cisconx-osMatch7.1\(3\)n1\(1b\)nexus_9000_series

cisconx-osMatch7.1\(4\)n1\(1e\)nexus_9000_series

cisconx-osMatch7.3\(1\)d1\(1b\)nexus_9000_series

cisconx-osMatch7.3\(1\)n1\(0.1\)nexus_9000_series

cisconx-osMatch7.3\(2\)d1\(1a\)nexus_9000_series

CPENameOperatorVersion
cisco nx-os softwareeq6.1
cisco nx-os softwareeq6.0(2)N1
cisco nx-os softwareeq6.0(2)N2
cisco nx-os softwareeq6.1(2)I1
cisco nx-os softwareeq6.1(2)I3
cisco nx-os softwareeq7.0
cisco nx-os softwareeq7.0(2)I2
cisco nx-os softwareeq7.0(2)N1
cisco nx-os softwareeq7.0(6)N1
cisco nx-os softwareeq7.1(0)N1

Name	Operator	Version
cisco nx-os software	eq	6.1
cisco nx-os software	eq	6.0(2)N1
cisco nx-os software	eq	6.0(2)N2
cisco nx-os software	eq	6.1(2)I1
cisco nx-os software	eq	6.1(2)I3
cisco nx-os software	eq	7.0
cisco nx-os software	eq	7.0(2)I2
cisco nx-os software	eq	7.0(2)N1
cisco nx-os software	eq	7.0(6)N1
cisco nx-os software	eq	7.1(0)N1