CVE-2018-0293: OS Command Injection in Cisco NX-OS

Severity: 8.8 HIGH (NVD)
EPSS: 1.9% (top 16.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 20
Latest update: May 13

Description

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is due to incorrect RBAC privilege assignment for certain CLI commands. An attacker could exploit this vulnerability by authenticating to a device as a nonadministrative user and executing specific command

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: cisco/nx-os 6.0 7.3(3)n1(1) +5

🔴 Vulnerability Details (2)

GHSA
GHSA-qc62-gwj8-9q46: A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands tha (2022-05-13)
CVEList
CVE-2018-0293: A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands tha (2018-06-20)

📋 Vendor Advisories (1)

Cisco
Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability (2018-06-20)