Lucene search
HistoryMar 28, 2015 - 1:59 a.m.
CVE-2015-0658
cisco
nx-os
dhcp
cve-2015-0658
remote attack
arbitrary commands
7.9 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.4%
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.
Affected configurations
Node
cisconx-osMatch6.1\(2\)
ORcisconx-osMatch6.1\(3\)
ORcisconx-osMatch6.1\(4\)
ORcisconx-osMatch6.1\(4a\)
ORcisconx-osMatch6.2\(2\)
ORcisconx-osMatch6.2\(2a\)
ORcisconx-osMatch6.2\(6\)
ORcisconx-osMatch6.2\(6b\)
ORcisconx-osMatch6.2\(8\)
ORcisconx-osMatch6.2\(8a\)
ORcisconx-osMatch6.2\(8b\)
cisconexus_7000
ORcisconexus_7700
Node
cisconx-osMatch6.0\(2\)n1\(1\)
ORcisconx-osMatch6.0\(2\)n1\(2\)
ORcisconx-osMatch6.0\(2\)n1\(2a\)
ORcisconx-osMatch6.0\(2\)n2\(1\)
ORcisconx-osMatch6.0\(2\)n2\(1b\)
ORcisconx-osMatch6.0\(2\)n2\(2\)
ORcisconx-osMatch6.0\(2\)n2\(3\)
ORcisconx-osMatch6.0\(2\)n2\(4\)
ORcisconx-osMatch6.0\(2\)n2\(5\)
ORcisconx-osMatch7.0\(0\)n1\(1\)
ORcisconx-osMatch7.0\(1\)n1\(1\)
ORcisconx-osMatch7.0\(2\)n1\(1\)
ORcisconx-osMatch7.0\(3\)n1\(1\)
cisconexus_5010
ORcisconexus_5020
ORcisconexus_5548p
ORcisconexus_5548up
ORcisconexus_5596t
ORcisconexus_5596up
ORcisconexus_56128p
ORcisconexus_5624q
ORcisconexus_5648q
ORcisconexus_5672up
ORcisconexus_5696q
Node
cisconx-osMatch6.0\(2\)n1\(2\)
ORcisconx-osMatch6.0\(2\)n1\(2a\)
ORcisconx-osMatch6.0\(2\)n2\(1\)
ORcisconx-osMatch6.0\(2\)n2\(1b\)
ORcisconx-osMatch6.0\(2\)n2\(2\)
ORcisconx-osMatch6.0\(2\)n2\(3\)
ORcisconx-osMatch6.0\(2\)n2\(4\)
ORcisconx-osMatch6.0\(2\)n2\(5\)
ORcisconx-osMatch7.0\(0\)n1\(1\)
ORcisconx-osMatch7.0\(1\)n1\(1\)
ORcisconx-osMatch7.0\(2\)n1\(1\)
ORcisconx-osMatch7.0\(3\)n1\(1\)
cisconexus_6001
ORcisconexus_6004
Node
cisconx-osMatch6.1\(2\)i2\(1\)
ORcisconx-osMatch6.1\(2\)i2\(2\)
ORcisconx-osMatch6.1\(2\)i2\(2a\)
ORcisconx-osMatch6.1\(2\)i2\(2b\)
ORcisconx-osMatch6.1\(2\)i2\(3\)
ORcisconx-osMatch6.1\(2\)i3\(1\)
ORcisconx-osMatch6.1\(2\)i3\(2\)
ORcisconx-osMatch6.1\(2\)i3\(3\)
ORcisconx-osMatch11.0\(1b\)
ORcisconx-osMatch11.0\(1c\)
cisconexus_93120tx
ORcisconexus_93128tx
ORcisconexus_9332pq
ORcisconexus_9336pq_aci_spine
ORcisconexus_9372px
ORcisconexus_9372tx
ORcisconexus_9396px
ORcisconexus_9396tx
ORcisconexus_9504
ORcisconexus_9508
ORcisconexus_9516
Node
cisconx-osMatch5.0\(3\)u3\(1\)
ORcisconx-osMatch5.0\(3\)u3\(2\)
ORcisconx-osMatch5.0\(3\)u3\(2a\)
ORcisconx-osMatch5.0\(3\)u3\(2b\)
ORcisconx-osMatch5.0\(3\)u4\(1\)
ORcisconx-osMatch5.0\(3\)u5\(1\)
ORcisconx-osMatch5.0\(3\)u5\(1a\)
ORcisconx-osMatch5.0\(3\)u5\(1b\)
ORcisconx-osMatch5.0\(3\)u5\(1c\)
ORcisconx-osMatch5.0\(3\)u5\(1d\)
ORcisconx-osMatch5.0\(3\)u5\(1e\)
ORcisconx-osMatch5.0\(3\)u5\(1f\)
ORcisconx-osMatch5.0\(3\)u5\(1g\)
ORcisconx-osMatch5.0\(3\)u5\(1h\)
ORcisconx-osMatch6.0\(2\)u1\(1\)
ORcisconx-osMatch6.0\(2\)u1\(1a\)
ORcisconx-osMatch6.0\(2\)u1\(2\)
ORcisconx-osMatch6.0\(2\)u1\(3\)
ORcisconx-osMatch6.0\(2\)u1\(4\)
ORcisconx-osMatch6.0\(2\)u2\(1\)
ORcisconx-osMatch6.0\(2\)u2\(2\)
ORcisconx-osMatch6.0\(2\)u2\(3\)
ORcisconx-osMatch6.0\(2\)u2\(4\)
ORcisconx-osMatch6.0\(2\)u2\(5\)
ORcisconx-osMatch6.0\(2\)u2\(6\)
ORcisconx-osMatch6.0\(2\)u3\(1\)
ORcisconx-osMatch6.0\(2\)u3\(2\)
ORcisconx-osMatch6.0\(2\)u3\(3\)
ORcisconx-osMatch6.0\(2\)u3\(4\)
ORcisconx-osMatch6.0\(2\)u3\(5\)
ORcisconx-osMatch6.0\(2\)u4\(1\)
ORcisconx-osMatch6.0\(2\)u4\(2\)
ORcisconx-osMatch6.0\(2\)u4\(3\)
ORcisconx-osMatch6.0\(2\)u5\(1\)
cisconexus_3016
ORcisconexus_3048
ORcisconexus_3064
ORcisconexus_3132q
ORcisconexus_3164qMatch-
ORcisconexus_3172
ORcisconexus_3524
ORcisconexus_3548
Related
nvd
nvd
CVE-2015-0658
2015-03-28 01:59:49
openvas
openvas
nessus
nessus
Cisco NX-OS DHCP POAP Command Injection Vulnerability
2015-04-27 00:00:00
Cisco NX-OS Software DHCP Options Command Injection (CVE-2015-0658)
2023-07-25 00:00:00
cvelist
cvelist
CVE-2015-0658
2015-03-28 01:00:00
cisco
cisco
Cisco NX-OS Software DHCP Options Command Injection Vulnerability
2015-03-27 12:30:01
prion
prion
Design/Logic Flaw
2015-03-28 01:59:00
7.9 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.4%
Related for CVE-2015-0658