CVE-2018-0293

Published: Jun 20, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is due to incorrect RBAC privilege assignment for certain CLI commands. An attacker could exploit this vulnerability by authenticating to a device as a nonadministrative user and executing specific commands from the CLI. An exploit could allow the attacker to run commands that should be restricted to administrative users. These commands could modify the configuration or boot image on the device. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd77904.

Affected (6)

Products: Cisco: Nx Os

Cisco

1 product

Nx Os

Configuration A

12 platform

Running on/with	Platform Versions
Cisco Nexus 5000	All versions
Cisco Nexus 5010	All versions
Cisco Nexus 5020	All versions
Cisco Nexus 5548p	All versions
Cisco Nexus 5548up	All versions
Cisco Nexus 5596t	All versions
Cisco Nexus 5596up	All versions
Cisco Nexus 56128p	All versions
Cisco Nexus 5624q	All versions
Cisco Nexus 5648q	All versions
Cisco Nexus 5672up	All versions
Cisco Nexus 5696q	All versions

Configuration B

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 7.3(2)n1(0.395)
Cisco Nx Os	Version 8.1(0.112)s0

Running on/with	Platform Versions
Cisco Nexus 7000	All versions
Cisco Nexus 7700	All versions

Configuration C

1 vulnerable · 19 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.0\(3\)i4 to 7.0\(3\)i7\(1\)

Running on/with	Platform Versions
Cisco Nexus 92160yc X	All versions
Cisco Nexus 92304qc	All versions
Cisco Nexus 9236c	All versions
Cisco Nexus 9272q	All versions
Cisco Nexus 93108tc Ex	All versions
Cisco Nexus 93120tx	All versions
Cisco Nexus 93128tx	All versions
Cisco Nexus 93180yc Ex	All versions
Cisco Nexus 9332pq	All versions
Cisco Nexus 9372px	All versions
Cisco Nexus 9372tx	All versions
Cisco Nexus 9396px	All versions
Cisco Nexus 9396tx	All versions
Cisco Nexus 9504	All versions
Cisco Nexus 9508	All versions
Cisco Nexus 9516	All versions
Cisco Nexus N9k C9508 Fm R	All versions
Cisco Nexus N9k X9636c R	All versions
Cisco Nexus N9k X9636q R	All versions

Configuration D

1 vulnerable · 28 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 6.0 to 7.0\(3\)i7\(2\)

Running on/with	Platform Versions
Cisco Nexus 172tq Xl	All versions
Cisco Nexus 3016	All versions
Cisco Nexus 3048	All versions
Cisco Nexus 3064 32t	All versions
Cisco Nexus 3064 T	All versions
Cisco Nexus 3064 X	All versions
Cisco Nexus 3100 V	All versions
Cisco Nexus 31128pq	All versions
Cisco Nexus 3132c Z	All versions
Cisco Nexus 3132q	All versions
Cisco Nexus 3132q X	All versions
Cisco Nexus 3132q Xl	All versions
Cisco Nexus 3164q	All versions
Cisco Nexus 3172pq	All versions
Cisco Nexus 3172pq Xl	All versions
Cisco Nexus 3172tq	All versions
Cisco Nexus 3172tq 32t	All versions
Cisco Nexus 3232c	All versions
Cisco Nexus 3264c E	All versions
Cisco Nexus 3264q	All versions
Cisco Nexus 34180yc	All versions
Cisco Nexus 3524 X	All versions
Cisco Nexus 3524 Xl	All versions
Cisco Nexus 3548	All versions
Cisco Nexus 3548 X	All versions
Cisco Nexus 3548 Xl	All versions
Cisco Nexus 3636c R	All versions
Cisco Nexus C36180yc R	All versions