CVE-2020-3454Improper Input Validation in Cisco Nx-os Software 5.0

CWE-20Improper Input ValidationCWE-78OS Command Injection6 documents5 sources
Severity
7.2HIGHNVD
EPSS
1.8%
top 17.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os Software 5.0
Timeline
PublishedAug 27
Latest updateMay 24

Description

A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of specific Call Home configuration parameters when the software is configured for transport method HTTP. An attacker could exploit this vulnerability by modifying parameters within the Call Home configuration on an a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-m2wj-fv5g-v2xg: A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could2022-05-24
CVEList
Cisco NX-OS Software Call Home Command Injection Vulnerability2020-08-27

📋Vendor Advisories

3
Microsoft
Microsoft Excel Remote Code Execution Vulnerability2020-12-08
Microsoft
Microsoft Excel Remote Code Execution Vulnerability2020-12-08
Cisco
Cisco NX-OS Software Call Home Command Injection Vulnerability2020-08-26
CVE-2020-3454 — Improper Input Validation in Cisco | cvebase