Cisco NX-OS Software Command Injection Vulnerability Allowing File System Access

A command injection vulnerability has been identified in the CLI of Cisco NX-OS Software. This issue allows an authenticated, local attacker to execute a command injection attack on the underlying operating system of the affected device. The vulnerability arises from inadequate validation of user-supplied input, enabling attackers to exploit it by crafting input for specific CLI commands. Successful exploitation could result in unauthorized reading and writing of files on the operating system, using the privileges of a non-root user account. Access to the file system is restricted to the permissions assigned to that non-root user.

Impact

Exploitation of this vulnerability could lead to unauthorized file system access on the underlying operating system, allowing an attacker to read and write files with the privileges of a non-root user account.

Remediation

Cisco has released software updates to address this vulnerability. For guidance on determining the best Cisco NX-OS Software release, consult the Recommended Releases documents for the specific Cisco product. To check for vulnerabilities in a particular Cisco NX-OS Software release, use the Cisco Software Checker tool.