CVE-2023-20050OS Command Injection in Cisco Nx-os

CWE-78OS Command Injection4 documents4 sources
Severity
7.8HIGHNVD
CNA4.4
EPSS
0.1%
top 70.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-osCisco Nx-os Software
Timeline
PublishedFeb 23

Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying op

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/nx-os< 8.2\(9\)+2

🔴Vulnerability Details

2
GHSA
GHSA-xmwf-5pvf-pm8f: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat2023-02-23
CVEList
Cisco NX-OS Software CLI Command Injection Vulnerability2023-02-23

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software CLI Command Injection Vulnerability2023-02-22
CVE-2023-20050 — OS Command Injection in Cisco Nx-os | cvebase