CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.2%
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument to the affected command. A successful exploit could allow the attacker to bypass intended restrictions and access internal services of the device. An attacker would need valid device credentials to exploit this vulnerability.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx-os | * | cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* |
cisco | mds_9000 | - | cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:* |
cisco | mds_9100 | - | cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:* |
cisco | mds_9200 | - | cpe:2.3:h:cisco:mds_9200:-:*:*:*:*:*:*:* |
cisco | mds_9500 | - | cpe:2.3:h:cisco:mds_9500:-:*:*:*:*:*:*:* |
cisco | mds_9700 | - | cpe:2.3:h:cisco:mds_9700:-:*:*:*:*:*:*:* |
cisco | nexus_3000 | - | cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:* |
cisco | nexus_3100 | - | cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:* |
cisco | nexus_3100-z | - | cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:* |
cisco | nexus_3100v | - | cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:* |
[
{
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "6.2(25)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.3(2)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "7.0(3)I7(3)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "9.2(1)",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.2%