4 matches found
Cisco NX-OS Software DHCP Options Command Injection (CVE-2015-0658)
The DHCP implementation in the PowerOn Auto Provisioning POAP feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. This...
Cisco NX-OS Software DHCP Options Command Injection Vulnerability (Cisco-SA-20150327-CVE-2015-0658)
A vulnerability in DHCP code used with PowerOn Auto Provisioning POAP of Cisco NX-OS could allow an unauthenticated, adjacent attacker to inject arbitrary commands into the Cisco NX-OS device. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced...
Cisco NX-OS DHCP POAP Command Injection Vulnerability
The remote Cisco device is running a version of NX-OS software that is affected by a command injection vulnerability due to the PowerOn Auto Provisioning POAP feature not properly validating the DHCP options returned by POAP. An attacker on an adjacent network, using crafted DHCP packets, can...
CVE-2015-0658
Cisco NX-OS POAP DHCP Options Command Injection (CVE-2015-0658). The POAP DHCP initialization validation is insufficient, allowing an adjacent attacker to send crafted DHCP packets and execute arbitrary commands as root on the affected device. Impact is remote code execution with root privileges ...