CVE-2018-0274

CWE-20Improper Input ValidationCWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.9%
top 24.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Network Services Orchestrator
Timeline
PublishedJun 7
Latest updateMay 13

Description

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerabilit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco_network_services_orchestrator_unknownCisco Network Services Orchestrator unknown

🔴Vulnerability Details

2
GHSA
GHSA-73h9-784v-5f52: A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shel2022-05-13
CVEList
CVE-2018-0274: A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shel2018-06-07

📋Vendor Advisories

1
Cisco
Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability2018-06-06
CVE-2018-0274 (HIGH CVSS 8.8) | A vulnerability in the CLI parser o | cvebase.io