CVE-2018-0274
published 2018-06-07

Priority: P262, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.96% (89.1th percentile)

A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| cisco | network_services_orchestrator | | |
| cisco | network_services_orchestrator | 4.1 – 4.1.6.0 | |
| cisco | network_services_orchestrator | 4.2 – 4.2.4.0 | |
| cisco | network_services_orchestrator | 4.3 – 4.3.3.0 | |
| cisco | network_services_orchestrator | 4.4 – 4.4.2.0 | |

Detection & IOCs (extracted from sources)

  • Exploit vector is argument injection into CLI parser commands of Cisco NSO — monitor for shell metacharacters or unexpected arguments in NSO CLI sessions from authenticated remote users
  • Successful exploitation results in arbitrary command execution as root — alert on unexpected root-level process spawning from NSO daemon processes
  • Affected versions are NSO 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0 — inventory and flag any unpatched instances
  • Exploitation requires prior authentication — prioritize detection of authenticated remote CLI sessions to NSO, particularly those exhibiting unusual command patterns
  • No workarounds are available; patching is the only mitigation — unpatched systems should be treated as high-risk until updated

CVSS provenance

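| Source | Version | Score | Severity | Vector |
|--------|---------|-------|----------|--------|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_cisco | | 8.1 | HIGH | |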