First published: Thu Jun 07 2018
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Network Services Orchestrator | >=4.1, <=4.1.6.0 | |
Cisco Network Services Orchestrator | >=4.2, <=4.2.4.0 | |
Cisco Network Services Orchestrator | >=4.3, <=4.3.3.0 | |
Cisco Network Services Orchestrator | >=4.4, <=4.4.2.0 | |
CVE-2018-0274 is a vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) that could allow an authenticated, remote attacker to execute arbitrary shell commands with root privileges.
CVE-2018-0274 has a severity rating of 8.8, which is considered critical.
Versions 4.1 to 4.1.6.0, 4.2 to 4.2.4.0, 4.3 to 4.3.3.0, and 4.4 to 4.4.2.0 of Cisco Network Services Orchestrator are affected by CVE-2018-0274.
An attacker can exploit CVE-2018-0274 by sending specially crafted commands to the CLI parser of Cisco Network Services Orchestrator, allowing them to execute arbitrary shell commands with root privileges.
More information about CVE-2018-0274 is available at the following references: [1] http://www.securityfocus.com/bid/104449, [2] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso