CVE-2018-0274
Published 2018-06-07
Priority: P2 · 62 · high · 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.96% (89.1th percentile)
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | network_services_orchestrator | — | — |
| cisco | network_services_orchestrator | 4.1 – 4.1.6.0 | — |
| cisco | network_services_orchestrator | 4.2 – 4.2.4.0 | — |
| cisco | network_services_orchestrator | 4.3 – 4.3.3.0 | — |
| cisco | network_services_orchestrator | 4.4 – 4.4.2.0 | — |
Detection & IOCs (extracted from sources)
- Exploit vector is argument injection into CLI parser commands of Cisco NSO — monitor for shell metacharacters or unexpected arguments in NSO CLI sessions from authenticated remote users
- Successful exploitation results in arbitrary command execution as root — alert on unexpected root-level process spawning from NSO daemon processes
- Affected versions are NSO 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0 — inventory and flag any unpatched instances
- Exploitation requires prior authentication — prioritize detection of authenticated remote CLI sessions to NSO, particularly those exhibiting unusual command patterns
- No workarounds are available; patching is the only mitigation — unpatched systems should be treated as high-risk until updated
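CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_cisco | — | 8.1 | HIGH | — |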
GHSA
GHSA-73h9-784v-5f52 · ghsa_unreviewed · 2022-05-13
CVE-2018-0274 [HIGH] CWE-78
Cisco
Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability
vendor_cisco · 2018-06-06 · CVSS 8.1
CVE-2018-0274 [HIGH] CWE-20
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/Cisc
CVSS: 3.0
CWE: CWE-20
Bug IDs: CSCvf99982