CVE-2015-0658 — Improper Input Validation in Cisco Nx-os

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.9HIGHNVD

EPSS

0.5%

top 34.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os

Timeline

PublishedMar 28

Latest updateMay 17

Description

The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/nx-os68 versions+67

🔴Vulnerability Details

GHSA

GHSA-p8qc-7hcq-6crg: The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which al↗2022-05-17

▶

CVEList

CVE-2015-0658: The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which al↗2015-03-28

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software DHCP Options Command Injection Vulnerability↗2015-03-27

▶