Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.105703 |
Category: | CISCO |
Title: | Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability |
Summary: | A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices;could allow an authenticated, local attacker to execute arbitrary commands on the underlying;operating system with user privileges.;;The vulnerability exists due to insufficient input sanitization of parameters passed to the tar;command on the command-line interpreter of an affected device. An attacker could leverage this;behavior to execute arbitrary commands on the underlying operating system with the privileges of the;user authenticated to the device.;;Cisco has confirmed the vulnerability and released software updates.;;To exploit this vulnerability, an attacker must have local access and be able to authenticate to the;targeted device. These requirements could limit the possibility of a successful exploit.;;Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability. |
Description: | Summary: A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges. The vulnerability exists due to insufficient input sanitization of parameters passed to the tar command on the command-line interpreter of an affected device. An attacker could leverage this behavior to execute arbitrary commands on the underlying operating system with the privileges of the user authenticated to the device. Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker must have local access and be able to authenticate to the targeted device. These requirements could limit the possibility of a successful exploit. Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-4232 BugTraq ID: 75503 http://www.securityfocus.com/bid/75503 Cisco Security Advisory: 20150630 Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39569 http://www.securitytracker.com/id/1032764 |
Copyright | This script is Copyright (C) 2016 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |