Lucene search
CiscoCISCO-SA-NXOS-CMDINJ-LQ6JSZHHHistoryAug 28, 2024 - 4:00 p.m.
Cisco NX-OS Software Command Injection Vulnerability
2024-08-2816:00:00
tools.cisco.com
5
cisco
nx-os
software
command injection
vulnerability
authenticated
local attacker
arbitrary commands
operating system
software updates
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-Lq6jsZhH”]
This advisory is part of the August 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75417”].
Affected configurations
Node
ciscocisco_nx-os_softwareMatch9.3
ORciscocisco_nx-os_softwareMatch10.1
ORciscocisco_nx-os_softwareMatch10.2
ORciscocisco_nx-os_softwareMatch10.3
ORciscocisco_nx-os_softwareMatch10.4
ORcisconexus_3000Matchany
ORcisconexus_9000Matchany
ORciscounified_computing_systemMatchany
ORcisconx_osMatch16.0
ORcisconexus_9000Matchany
ORciscocisco_nx-os_softwareMatch9.3\(3\)
ORciscocisco_nx-os_softwareMatch9.3\(4\)
ORciscocisco_nx-os_softwareMatch9.3\(5\)
ORciscocisco_nx-os_softwareMatch9.3\(6\)
ORciscocisco_nx-os_softwareMatch9.3\(5w\)
ORciscocisco_nx-os_softwareMatch9.3\(7\)
ORciscocisco_nx-os_softwareMatch9.3\(7k\)
ORciscocisco_nx-os_softwareMatch9.3\(7a\)
ORciscocisco_nx-os_softwareMatch9.3\(8\)
ORciscocisco_nx-os_softwareMatch9.3\(9\)
ORciscocisco_nx-os_softwareMatch9.3\(10\)
ORciscocisco_nx-os_softwareMatch9.3\(11\)
ORciscocisco_nx-os_softwareMatch9.3\(12\)
ORciscocisco_nx-os_softwareMatch10.1\(1\)
ORciscocisco_nx-os_softwareMatch10.1\(2\)
ORciscocisco_nx-os_softwareMatch10.1\(2t\)
ORciscocisco_nx-os_softwareMatch10.2\(1\)
ORciscocisco_nx-os_softwareMatch10.2\(1q\)
ORciscocisco_nx-os_softwareMatch10.2\(2\)
ORciscocisco_nx-os_softwareMatch10.2\(3\)
ORciscocisco_nx-os_softwareMatch10.2\(2a\)
ORciscocisco_nx-os_softwareMatch10.2\(3t\)
ORciscocisco_nx-os_softwareMatch10.2\(4\)
ORciscocisco_nx-os_softwareMatch10.2\(5\)
ORciscocisco_nx-os_softwareMatch10.2\(3v\)
ORciscocisco_nx-os_softwareMatch10.2\(6\)
ORciscocisco_nx-os_softwareMatch10.3\(1\)
ORciscocisco_nx-os_softwareMatch10.3\(2\)
ORciscocisco_nx-os_softwareMatch10.3\(3\)
ORciscocisco_nx-os_softwareMatch10.3\(99w\)
ORciscocisco_nx-os_softwareMatch10.3\(3w\)
ORciscocisco_nx-os_softwareMatch10.3\(99x\)
ORciscocisco_nx-os_softwareMatch10.3\(3o\)
ORciscocisco_nx-os_softwareMatch10.3\(4a\)
ORciscocisco_nx-os_softwareMatch10.3\(3p\)
ORciscocisco_nx-os_softwareMatch10.3\(4\)
ORciscocisco_nx-os_softwareMatch10.3\(3q\)
ORciscocisco_nx-os_softwareMatch10.3\(3x\)
ORciscocisco_nx-os_softwareMatch10.3\(4g\)
ORciscocisco_nx-os_softwareMatch10.3\(3r\)
ORciscocisco_nx-os_softwareMatch10.3\(4h\)
ORciscocisco_nx-os_softwareMatch10.4\(1\)
ORciscocisco_nx-os_softwareMatch10.4\(2\)
ORcisconx-os_for_nexus_5600_platform_switchesMatch3000_series_switches
ORcisconx-os_for_nexus_5600_platform_switchesMatch9000_series_switches
ORciscounified_computing_systemMatchany
ORcisconx_osMatch16.0\(2h\)
ORcisconx_osMatch16.0\(2j\)
ORcisconx_osMatch16.0\(3d\)
ORcisconx_osMatch16.0\(3e\)
ORcisconx_osMatch16.0\(4c\)
ORcisconx_osMatch16.0\(5h\)
ORcisconx_osMatch16.0\(3g\)
ORcisconx_osMatch16.0\(5j\)
ORcisconx-os_for_nexus_5600_platform_switchesMatch9000_series_switches
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switches7\(2a\)
ORcisconx-osMatch9000_series_switches7\(2a\)
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switches7\(2a\)
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch3000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
ORcisconx-osMatch9000_series_switchesnexus_9000_series
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | cisco_nx-os_software | 9.3 | cpe:2.3:a:cisco:cisco_nx-os_software:9.3:*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 10.1 | cpe:2.3:a:cisco:cisco_nx-os_software:10.1:*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 10.2 | cpe:2.3:a:cisco:cisco_nx-os_software:10.2:*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 10.3 | cpe:2.3:a:cisco:cisco_nx-os_software:10.3:*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 10.4 | cpe:2.3:a:cisco:cisco_nx-os_software:10.4:*:*:*:*:*:*:* |
| cisco | nexus_3000 | any | cpe:2.3:h:cisco:nexus_3000:any:*:*:*:*:*:*:* |
| cisco | nexus_9000 | any | cpe:2.3:h:cisco:nexus_9000:any:*:*:*:*:*:*:* |
| cisco | unified_computing_system | any | cpe:2.3:h:cisco:unified_computing_system:any:*:*:*:*:*:*:* |
| cisco | nx_os | 16.0 | cpe:2.3:o:cisco:nx_os:16.0:*:*:*:*:*:*:* |
| cisco | cisco_nx-os_software | 9.3(3) | cpe:2.3:a:cisco:cisco_nx-os_software:9.3\(3\):*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-20289 Cisco NX-OS Software Command Injection Vulnerability
2024-08-28 16:31:23
cvelist
cvelist
CVE-2024-20289 Cisco NX-OS Software Command Injection Vulnerability
2024-08-28 16:31:23
cve
cve
CVE-2024-20289
2024-08-28 17:15:09
nvd
nvd
CVE-2024-20289
2024-08-28 17:15:09