Arbitrary OS Command Execution in Cisco NX-OS CLI Parser

CVE-2015-4237 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.

Learn more about our Cis Benchmark Audit For Cisco.