CVE-2018-0307

Published: Jun 20, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.

Affected (6)

Products: Cisco: Nx Os

Cisco

1 product

Nx Os

Configuration A

12 platform

Running on/with	Platform Versions
Cisco Nexus 5000	All versions
Cisco Nexus 5010	All versions
Cisco Nexus 5020	All versions
Cisco Nexus 5548p	All versions
Cisco Nexus 5548up	All versions
Cisco Nexus 5596t	All versions
Cisco Nexus 5596up	All versions
Cisco Nexus 56128p	All versions
Cisco Nexus 5624q	All versions
Cisco Nexus 5648q	All versions
Cisco Nexus 5672up	All versions
Cisco Nexus 5696q	All versions

Configuration B

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 6.2 to 8.1\(2\)
Cisco Nx Os	Version 8.2

Running on/with	Platform Versions
Cisco Nexus 7000	All versions
Cisco Nexus 7700	All versions

Configuration C

19 platform

Running on/with	Platform Versions
Cisco Nexus 92160yc X	All versions
Cisco Nexus 92304qc	All versions
Cisco Nexus 9236c	All versions
Cisco Nexus 9272q	All versions
Cisco Nexus 93108tc Ex	All versions
Cisco Nexus 93120tx	All versions
Cisco Nexus 93128tx	All versions
Cisco Nexus 93180yc Ex	All versions
Cisco Nexus 9332pq	All versions
Cisco Nexus 9372px	All versions
Cisco Nexus 9372tx	All versions
Cisco Nexus 9396px	All versions
Cisco Nexus 9396tx	All versions
Cisco Nexus 9504	All versions
Cisco Nexus 9508	All versions
Cisco Nexus 9516	All versions
Cisco Nexus N9k C9508 Fm R	All versions
Cisco Nexus N9k X9636c R	All versions
Cisco Nexus N9k X9636q R	All versions

Configuration D

2 vulnerable · 28 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Before 7.0\(3\)i3
Cisco Nx Os	From 7.0\(3\)i4 to 7.0\(3\)i7\(1\)

Running on/with	Platform Versions
Cisco Nexus 172tq Xl	All versions
Cisco Nexus 3016	All versions
Cisco Nexus 3048	All versions
Cisco Nexus 3064 32t	All versions
Cisco Nexus 3064 T	All versions
Cisco Nexus 3064 X	All versions
Cisco Nexus 3100 V	All versions
Cisco Nexus 31128pq	All versions
Cisco Nexus 3132c Z	All versions
Cisco Nexus 3132q	All versions
Cisco Nexus 3132q X	All versions
Cisco Nexus 3132q Xl	All versions
Cisco Nexus 3164q	All versions
Cisco Nexus 3172pq	All versions
Cisco Nexus 3172pq Xl	All versions
Cisco Nexus 3172tq	All versions
Cisco Nexus 3172tq 32t	All versions
Cisco Nexus 3232c	All versions
Cisco Nexus 3264c E	All versions
Cisco Nexus 3264q	All versions
Cisco Nexus 34180yc	All versions
Cisco Nexus 3524 X	All versions
Cisco Nexus 3524 Xl	All versions
Cisco Nexus 3548	All versions
Cisco Nexus 3548 X	All versions
Cisco Nexus 3548 Xl	All versions
Cisco Nexus 3636c R	All versions
Cisco Nexus C36180yc R	All versions