CVE-2018-0306Improper Input Validation in Cisco Nx-os

CWE-20Improper Input ValidationCWE-78OS Command Injection4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 67.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedJun 21
Latest updateMay 13

Description

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Note: This vulnera

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/nx-os< 7.3\(3\)n1\(1\)+7

🔴Vulnerability Details

2
GHSA
GHSA-mj78-xxvc-gcjm: A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an aff2022-05-13
CVEList
CVE-2018-0306: A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an aff2018-06-21

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability2018-06-20
CVE-2018-0306 — Improper Input Validation in Cisco | cvebase