CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
46.3%
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx-os | * | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
cisco | nx-os | 6.0 | cpe:2.3:o:cisco:nx-os:6.0:*:*:*:*:*:*:* |
cisco | nx-os | 7.0 | cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:* |
cisco | nx-os | 7.1 | cpe:2.3:o:cisco:nx-os:7.1:*:*:*:*:*:*:* |
cisco | nx-os | 7.2 | cpe:2.3:o:cisco:nx-os:7.2:*:*:*:*:*:*:* |
cisco | nexus_5000 | - | cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:* |
cisco | nexus_5010 | - | cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:* |
cisco | nexus_5020 | - | cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:* |
cisco | nexus_5548p | - | cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:* |
cisco | nexus_5548up | - | cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:* |
[
{
"product": "Cisco NX-OS unknown",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco NX-OS unknown"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
46.3%