← Back

CVE-2015-4237

nvd nist
Published: Jul 3, 2015Modified: May 6, 2026

JSON object

Loading...
4.6
Vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 3.9 / Impact: 6.4
Source: NVD

Description

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.

Affected (6)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
1 vulnerable · 11 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 7.2(0)zz(99.3)
Running on/withPlatform Versions
Cisco
Nexus 93120tx
All versions
Cisco
Nexus 93128tx
All versions
Cisco
Nexus 9332pq
All versions
Cisco
Nexus 9336pq Aci Spine
All versions
Cisco
Nexus 9372px
All versions
Cisco
Nexus 9372tx
All versions
Cisco
Nexus 9396px
All versions
Cisco
Nexus 9396tx
All versions
Cisco
Nexus 9504
All versions
Cisco
Nexus 9508
All versions
Cisco
Nexus 9516
All versions
Configuration B
9 platform
Running on/withPlatform Versions
Cisco
Nexus 3016
All versions
Cisco
Nexus 3048
All versions
Cisco
Nexus 3064
All versions
Cisco
Nexus 3132q
All versions
Cisco
Nexus 3164q
All versions
Cisco
Nexus 3172
All versions
Cisco
Nexus 3232c
All versions
Cisco
Nexus 3524
All versions
Cisco
Nexus 3548
All versions
Configuration C
1 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 6.2(11b)
Running on/withPlatform Versions
Cisco
Mds 9100
All versions
Cisco
Mds 9140
All versions
Cisco
Mds 9500
All versions
Cisco
Mds 9700
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 9.1(1)sv1(3.1.8)
Running on/withPlatform Versions
Cisco
Nexus 1000v
All versions
Configuration E
1 vulnerable · 9 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 7.2(0)zz(99.1)
Running on/withPlatform Versions
Cisco
Nexus 5548p
All versions
Cisco
Nexus 5548up
All versions
Cisco
Nexus 5596t
All versions
Cisco
Nexus 5596up
All versions
Cisco
Nexus 56128p
All versions
Cisco
Nexus 5624q
All versions
Cisco
Nexus 5648q
All versions
Cisco
Nexus 5672up
All versions
Cisco
Nexus 5696q
All versions
Configuration F
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 6.2(12)
Running on/withPlatform Versions
Cisco
Nexus 7000
All versions
Cisco
Nexus 7700
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 4.1(2)e1(1)
Running on/withPlatform Versions
Cisco
Nexus 4001i
All versions

Related CWEs

CWE-264
CWE-264
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.