Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability

Information

Severity

Severity

Medium

Family

Family

CISCO

CVSSv2 Base

CVSSv2 Base

4.6

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

4 years ago

Summary

A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges. The vulnerability exists due to insufficient input sanitization of parameters passed to the tar command on the command-line interpreter of an affected device. An attacker could leverage this behavior to execute arbitrary commands on the underlying operating system with the privileges of the user authenticated to the device. Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker must have local access and be able to authenticate to the targeted device. These requirements could limit the possibility of a successful exploit. Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

See the referenced vendor advisory for a solution.

Common Vulnerabilities and Exposures (CVE)