First published: Wed Aug 24 2022(Updated: )
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH This advisory is part of the August 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2022 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.
Credit: This vulnerability was found by Ilkin Gasimov Cisco during internal security testing
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco FX-OS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of cisco-sa-fxos-cmdinj-TxcLNZNH is considered to be high due to its potential impact on the system.
To fix cisco-sa-fxos-cmdinj-TxcLNZNH, update to a patched version of Cisco FXOS Software as recommended by the security advisory.
Devices running Cisco FXOS Software with Administrator privileges are affected by cisco-sa-fxos-cmdinj-TxcLNZNH.
An attacker can execute arbitrary commands with root privileges due to cisco-sa-fxos-cmdinj-TxcLNZNH.
Yes, successful exploitation of cisco-sa-fxos-cmdinj-TxcLNZNH requires the attacker to be an authenticated user with Administrator privileges.