CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
57.3%
A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting (AAA) restrictions.
The vulnerability is due to the improper processing of certain parameters that are passed to an affected device during the negotiation of an SSH connection. An attacker could exploit this vulnerability by authenticating to an affected device and passing a malicious value as part of the login procedure. A successful exploit could allow an attacker to bypass AAA restrictions and execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx_os | 4.1 | cpe:2.3:o:cisco:nx_os:4.1:*:*:*:*:*:*:* |
cisco | nx_os | 5.0 | cpe:2.3:o:cisco:nx_os:5.0:*:*:*:*:*:*:* |
cisco | nx_os | 4.2 | cpe:2.3:o:cisco:nx_os:4.2:*:*:*:*:*:*:* |
cisco | nx_os | 5.1 | cpe:2.3:o:cisco:nx_os:5.1:*:*:*:*:*:*:* |
cisco | nx_os | 5.2 | cpe:2.3:o:cisco:nx_os:5.2:*:*:*:*:*:*:* |
cisco | nx_os | 6.1 | cpe:2.3:o:cisco:nx_os:6.1:*:*:*:*:*:*:* |
cisco | nx_os | 4.0(0)n1 | cpe:2.3:o:cisco:nx_os:4.0\(0\)n1:*:*:*:*:*:*:* |
cisco | nx_os | 4.0(1a)n1 | cpe:2.3:o:cisco:nx_os:4.0\(1a\)n1:*:*:*:*:*:*:* |
cisco | nx_os | 4.0(1a)n2 | cpe:2.3:o:cisco:nx_os:4.0\(1a\)n2:*:*:*:*:*:*:* |
cisco | nx_os | 4.1(2)e1 | cpe:2.3:o:cisco:nx_os:4.1\(2\)e1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
57.3%