CVE-2015-4237 — OS Command Injection in Cisco Nx-os

CWE-78 — OS Command Injection CWE-2644 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 55.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os

Timeline

PublishedJul 3

Latest updateMay 17

Description

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/nx-os6 versions+5

🔴Vulnerability Details

GHSA

GHSA-p7qf-fqjr-3jrq: The CLI parser in Cisco NX-OS 4↗2022-05-17

▶

CVEList

CVE-2015-4237: The CLI parser in Cisco NX-OS 4↗2015-07-03

▶

📋Vendor Advisories

Cisco

Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability↗2015-07-01

▶