HomePentest-Tools.com Logo

Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability (Cisco-SA-20150630-CVE-2015-4232)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges.

Risk description

The vulnerability exists due to insufficient input sanitization of parameters passed to the tar command on the command-line interpreter of an affected device. An attacker could leverage this behavior to execute arbitrary commands on the underlying operating system with the privileges of the user authenticated to the device.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 3, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available