Vulnerabilities > CVE-2018-0337 - Incorrect Authorization vulnerability in Cisco Nx-Os

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

cisco

CWE-863

NVD

Published: 2018-06-21

Updated: 2020-08-31

Summary

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco NX OS 7.0\(8\)N1\(1\) Cisco NX OS 7.1\(4\)N1\(1\) Cisco NX OS 7.3\(1\)N1\(0.6\) Cisco NX OS 7.3\(2\)N1\(0.350\) Cisco NX OS 7.3\(1\)Dx\(0.119\) Cisco NX OS 7.3\(3\)D1\(0.2\) Cisco NX OS 8.0\(0.54\)S0 Cisco NX OS 8.1\(0\)Bd\(0.20\) Cisco NX OS 8.1\(0.9\) Cisco NX OS 8.2\(0.4\)S0 Cisco NX OS 8.3\(0\)Spg\(0.30\) Cisco NX OS 8.8\(3.5\)S0	12
Hardware	Cisco Cisco Nexus 5000 - Cisco Nexus 5010 - Cisco Nexus 5020 - Cisco Nexus 5548P - Cisco Nexus 5548Up - Cisco Nexus 5596T - Cisco Nexus 5596Up - Cisco Nexus 56128P - Cisco Nexus 5624Q - Cisco Nexus 5648Q - Cisco Nexus 5672Up - Cisco Nexus 5696Q - Cisco Nexus 7000 - Cisco Nexus 7700 -	14

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-rbaccess