Cisco NX-OS Software TACACS+ Command Authorization Vulnerability

A vulnerability in the TACACS+ command authorization feature of Cisco NX-OS Software could allow an authenticated, local attacker to cause the system to reset. The vulnerability is due to incorrect processing of very long command-line interface (CLI) commands by the TACACS+ command authorization feature. An attacker could exploit this vulnerability by being locally authenticated and executing a long CLI command that is subject to command authorization. An exploit could allow the attacker to cause the device to reload. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit this vulnerability, an attacker must authenticate and have local access to a targeted system. These requirements would likely reduce the possibility of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists. However, the code is not known to be publicly available.

Checks if a vulnerable version is present on the target host.

See the referenced vendor advisory for a solution.