First published: Thu May 16 2019
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco NX-OS Software | =6.2, <6.2(25); =5.2, <6.2(25) | 6.2(25) |
Cisco NX-OS Software | | |
Cisco NX-OS Software | =6.0(2)A8, <6.0(2)A8(11); =Prior to 6.0(2)A8, <6.0(2)A8(11) | 6.0(2)A8(11) |
Cisco NX-OS Software | =6.2, <6.2(22); =Prior to 6.2, <6.2(22) | 6.2(22) |
Cisco NX-OS Software | =4.0, <4.0(1d); =Prior to 4.0, <4.0(1d) | 4.0(1d) |
The vulnerability ID of this Cisco NX-OS Software CLI Bypass vulnerability is cisco-sa-20190515-nxos-cli-bypass.
The severity level of the Cisco NX-OS Software CLI Bypass vulnerability is medium.
An attacker can exploit the Cisco NX-OS Software CLI Bypass vulnerability by using a certain CLI command to bypass restrictions and access internal services on the affected device.
The versions of Cisco NX-OS Software affected by the CLI Bypass vulnerability are 6.2(25), 5.2, 6.0(2)A8(11), 6.2(22), and 4.0(1d).
To fix the Cisco NX-OS Software CLI Bypass vulnerability, update to a fixed software version as mentioned in the Cisco Security Advisory cisco-sa-20190515-nxos-cli-bypass.
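A release check against the first fixed versions listed on this page, as an added example (not code from Cisco or from this page). It assumes release strings of the form major.minor(maint) with an optional platform tag such as A8(11); the hostnames, running releases and function names are constructed for illustration, and the first fixed release for each device still has to be chosen for its platform from the Cisco advisory.

```python
import re

# Assumed release shape: major.minor(maint)[TAG major(maint)], e.g. 6.2(25) or 6.0(2)A8(11).
_RELEASE = re.compile(r"^(\d+)\.(\d+)\((\d+[a-z]?)\)(?:([A-Z]+)(\d+)\((\d+[a-z]?)\))?$")

def _part(text):
    # "25" -> (25, ""), "1d" -> (1, "d"); a rebuild letter sorts after the bare number.
    num, letter = re.fullmatch(r"(\d+)([a-z]?)", text).groups()
    return int(num), letter

def parse_release(text):
    """Return (platform_tag, sortable_key) for an NX-OS release string."""
    m = _RELEASE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, tag, tag_major, tag_maint = m.groups()
    key = [(int(major), ""), (int(minor), ""), _part(maint)]
    if tag:
        key += [(int(tag_major), ""), _part(tag_maint)]
    return tag or "", tuple(key)

def is_fixed(running, first_fixed):
    """True if `running` is at or after `first_fixed`; both must share a platform tag."""
    run_tag, run_key = parse_release(running)
    fix_tag, fix_key = parse_release(first_fixed)
    if run_tag != fix_tag:
        raise ValueError(f"{running} and {first_fixed} carry different platform tags")
    return run_key >= fix_key

# Constructed inventory: (hostname, running release, first fixed release). The first-fixed
# values come from this page's table; hostnames and running releases are made up.
INVENTORY = [
    ("switch-a", "6.2(23)", "6.2(25)"),
    ("switch-b", "6.2(25)", "6.2(25)"),
    ("switch-c", "5.2(8h)", "6.2(25)"),
    ("switch-d", "6.0(2)A8(7b)", "6.0(2)A8(11)"),
    ("switch-e", "4.0(2a)", "4.0(1d)"),
    ("switch-f", "6.0(2)U6(10)", "6.0(2)A8(11)"),
]

def audit(inventory):
    """Map hostname -> 'fixed', 'upgrade', or 'review: <reason>'."""
    results = {}
    for host, running, first_fixed in inventory:
        try:
            results[host] = "fixed" if is_fixed(running, first_fixed) else "upgrade"
        except ValueError as exc:
            results[host] = f"review: {exc}"
    return results
```

Calling `audit(INVENTORY)` flags switch-f for manual review because its platform tag (U) differs from the fixed release's tag (A), so the two strings are not compared.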