Short Name |
APP:CISCO:NX-OS-PRIV-ESC |
---|---|
Severity |
Major |
Recommended |
No |
Category |
APP |
Keywords |
Cisco NX-OS Privilege Escalation |
Release Date |
2011/11/01 |
Update Number |
2021 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known flaw in Cisco NS-OS. The vulnerability is due to insufficient validation of CLI input containing the pipe character (|). Remote authenticated attackers can exploit this vulnerability by using specially crafted commands on a vulnerable system. Successful exploitation could cause execution of restricted commands, resulting in access to the underlying Linux operating system.
Cisco Nexus OS is prone to multiple local command-injection vulnerabilities. A local attacker can exploit these issues to execute arbitrary commands with administrative privileges. Successful exploits may compromise the affected computer. Cisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are vulnerable; other versions may also be affected.