CVE-2018-0092: Missing Authorization in Cisco NX-OS

Severity: 7.1 HIGH (NVD)
EPSS: 0.1% (top 70.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 18
Latest update: May 13

Description

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenti

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (1 package)

NVD: cisco/nx-os 7.0(3)i5(2), 7.0(3)i6(1), 7.0(3)i7(1), +2 more

🔴 Vulnerability Details (2)

GHSA (2022-05-13): GHSA-fjv2-wp8j-f9w3: A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to impro
CVEList (2018-01-18): CVE-2018-0092: A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to impro

📋 Vendor Advisories (1)

Cisco (2018-01-18): Cisco NX-OS System Software Unauthorized User Account Deletion Vulnerability