CVE-2018-0307 (GCVE-0-2018-0307)

Vulnerability from cvelistv5 – Published: 2018-06-20 21:00 – Updated: 2024-11-29 15:01
VLAI?
Summary
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Cisco NX-OS unknown Affected: Cisco NX-OS unknown
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection"
          },
          {
            "name": "1041169",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041169"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0307",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:42:13.172512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:01:26.265Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco NX-OS unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-23T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection"
        },
        {
          "name": "1041169",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041169"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0307",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco NX-OS unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection"
            },
            {
              "name": "1041169",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041169"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0307",
    "datePublished": "2018-06-20T21:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:01:26.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndExcluding\": \"7.3\\\\(3\\\\)n1\\\\(1\\\\)\", \"matchCriteriaId\": \"D75479AD-9847-497C-9438-AA82D91B6F71\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F2B1E07-8519-4F58-9048-81ABA12E01DC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E275D31F-4FA1-428E-AB4A-D2802FF0CF1A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA7F5823-41A8-47C8-A154-02C6C31EF76A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5519EA9-1236-4F51-9974-E3FC1B26B5D2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1766443C-1C5A-486E-A36F-D3045F364D78\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABB6E612-4246-4408-B3F6-B31E771F5ACB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91B129B2-2B31-4DE0-9F83-CC6E0C8729A0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CBD3CD0-B542-4B23-9C9D-061643BE44E8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A22A2647-A4C0-4681-BBC5-D95ADBAA0457\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"8.1\\\\(2\\\\)\", \"matchCriteriaId\": \"B6004E45-878B-4034-AD67-8D2CCB01E9B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E40D9097-C95A-4813-9DEE-89CA75820524\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.0\\\\(3\\\\)i3\", \"matchCriteriaId\": \"93C9AFED-1347-4B0E-B031-AF5EA891B9BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\\\\(3\\\\)i4\", \"versionEndExcluding\": \"7.0\\\\(3\\\\)i7\\\\(1\\\\)\", \"matchCriteriaId\": \"15C899EF-A64F-4FD8-851C-1D4E2929BAF4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4283E433-7F8C-4410-B565-471415445811\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5B2E4C1-2627-4B9D-8E92-4B483F647651\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11411BFD-3F4D-4309-AB35-A3629A360FB0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E663DE91-C86D-48DC-B771-FA72A8DF7A7C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F423E45D-A6DD-4305-9C6A-EAB26293E53A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F70D81F1-8B12-4474-9060-B4934D8A3873\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"113772B6-E9D2-4094-9468-3F4E1A87D07D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4364ADB9-8162-451D-806A-B98924E6B2CF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49E0371B-FDE2-473C-AA59-47E1269D050F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BC5293E-F2B4-46DC-85DA-167EA323FCFD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA022E77-6557-4A33-9A3A-D028E2DB669A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"768BE390-5ED5-48A7-9E80-C4DE8BA979B1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDC2F709-AFBE-48EA-A3A2-DA1134534FB6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E02DC82-0D26-436F-BA64-73C958932B0A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_n9k-c9508-fm-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FD46BDD-4755-46DD-9F83-B2B589B09417\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_n9k-x9636c-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0603E231-14E0-4224-898F-ED61641F7403\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_n9k-x9636q-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE3EB1F2-F964-4D4E-BDE7-8E6805105152\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.0\\\\(3\\\\)i3\", \"matchCriteriaId\": \"93C9AFED-1347-4B0E-B031-AF5EA891B9BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\\\\(3\\\\)i4\", \"versionEndExcluding\": \"7.0\\\\(3\\\\)i7\\\\(1\\\\)\", \"matchCriteriaId\": \"15C899EF-A64F-4FD8-851C-1D4E2929BAF4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_172tq-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38AC6D08-C547-44A3-AC77-A63DB58E4889\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"528ED62B-D739-4E06-AC64-B506FD73BBAB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09AC2BAD-F536-48D0-A2F0-D4E290519EB6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4226DA0-9371-401C-8247-E6E636A116C3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3DBBFE9-835C-4411-8492-6006E74BAC65\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CED628B5-97A8-4B26-AA40-BEC854982157\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BB9DD73-E31D-4921-A6D6-E14E04703588\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4532F513-0543-4960-9877-01F23CA7BA1B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B43502B-FD53-465A-B60F-6A359C6ACD99\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"652A2849-668D-4156-88FB-C19844A59F33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F80A72-AD54-4699-B8AE-82715F0B58E2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"088C0323-683A-44F5-8D42-FF6EC85D080E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74CB4002-7636-4382-B33E-FBA060A13C34\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57572E4A-78D5-4D1A-938B-F05F01759612\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_c36180yc-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C9D4C48-4D01-4761-B2D8-F16E90F78560\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndExcluding\": \"7.3\\\\(3\\\\)n1\\\\(1\\\\)\", \"matchCriteriaId\": \"D75479AD-9847-497C-9438-AA82D91B6F71\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_6001p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EAD169-9036-496E-B740-45D79546F6D6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_6001t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E01F0DE-EA8A-451F-BADF-1A7A48B0C633\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02DD5791-E4D3-475C-84B0-E642ACFC5EB6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la interfaz de l\\u00ednea de comandos del software NX-OS podr\\u00eda permitir que un atacante local autenticado realice un ataque de inyecci\\u00f3n de comandos en un dispositivo afectado. La vulnerabilidad se debe a una validaci\\u00f3n de entrada insuficiente de algunos argumentos de comandos. Un atacante podr\\u00eda explotar esta vulnerabilidad inyectando argumentos de comando maliciosos en una comando de interfaz de l\\u00ednea de comandos vulnerable. Su explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir que el atacante, autenticado como usuario con privilegios, ejecute comandos arbitrarios con privilegios root. Nota: en productos que soportan m\\u00faltiples contextos de dispositivos virtuales (VDC), esta vulnerabilidad podr\\u00eda permitir que un atacante acceda a archivos desde cualquier VDC. Esta vulnerabilidad afecta a Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches en modo NX-OS independiente y los m\\u00f3dulos Line Cards y Fabric de Nexus 9500 R-Series. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.\"}]",
      "id": "CVE-2018-0307",
      "lastModified": "2024-11-21T03:37:56.687",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-06-20T21:29:00.577",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1041169\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1041169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0307\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2018-06-20T21:29:00.577\",\"lastModified\":\"2024-11-21T03:37:56.687\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de l\u00ednea de comandos del software NX-OS podr\u00eda permitir que un atacante local autenticado realice un ataque de inyecci\u00f3n de comandos en un dispositivo afectado. La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de algunos argumentos de comandos. Un atacante podr\u00eda explotar esta vulnerabilidad inyectando argumentos de comando maliciosos en una comando de interfaz de l\u00ednea de comandos vulnerable. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante, autenticado como usuario con privilegios, ejecute comandos arbitrarios con privilegios root. Nota: en productos que soportan m\u00faltiples contextos de dispositivos virtuales (VDC), esta vulnerabilidad podr\u00eda permitir que un atacante acceda a archivos desde cualquier VDC. Esta vulnerabilidad afecta a Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches en modo NX-OS independiente y los m\u00f3dulos Line Cards y Fabric de Nexus 9500 R-Series. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndExcluding\":\"7.3\\\\(3\\\\)n1\\\\(1\\\\)\",\"matchCriteriaId\":\"D75479AD-9847-497C-9438-AA82D91B6F71\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F2B1E07-8519-4F58-9048-81ABA12E01DC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E275D31F-4FA1-428E-AB4A-D2802FF0CF1A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA7F5823-41A8-47C8-A154-02C6C31EF76A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5519EA9-1236-4F51-9974-E3FC1B26B5D2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1766443C-1C5A-486E-A36F-D3045F364D78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB6E612-4246-4408-B3F6-B31E771F5ACB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B129B2-2B31-4DE0-9F83-CC6E0C8729A0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBD3CD0-B542-4B23-9C9D-061643BE44E8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A22A2647-A4C0-4681-BBC5-D95ADBAA0457\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"8.1\\\\(2\\\\)\",\"matchCriteriaId\":\"B6004E45-878B-4034-AD67-8D2CCB01E9B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E40D9097-C95A-4813-9DEE-89CA75820524\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i3\",\"matchCriteriaId\":\"93C9AFED-1347-4B0E-B031-AF5EA891B9BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\\\\(3\\\\)i4\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i7\\\\(1\\\\)\",\"matchCriteriaId\":\"15C899EF-A64F-4FD8-851C-1D4E2929BAF4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4283E433-7F8C-4410-B565-471415445811\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B2E4C1-2627-4B9D-8E92-4B483F647651\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11411BFD-3F4D-4309-AB35-A3629A360FB0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E663DE91-C86D-48DC-B771-FA72A8DF7A7C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F423E45D-A6DD-4305-9C6A-EAB26293E53A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70D81F1-8B12-4474-9060-B4934D8A3873\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"113772B6-E9D2-4094-9468-3F4E1A87D07D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4364ADB9-8162-451D-806A-B98924E6B2CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E0371B-FDE2-473C-AA59-47E1269D050F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC5293E-F2B4-46DC-85DA-167EA323FCFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA022E77-6557-4A33-9A3A-D028E2DB669A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768BE390-5ED5-48A7-9E80-C4DE8BA979B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2F709-AFBE-48EA-A3A2-DA1134534FB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E02DC82-0D26-436F-BA64-73C958932B0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_n9k-c9508-fm-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FD46BDD-4755-46DD-9F83-B2B589B09417\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_n9k-x9636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0603E231-14E0-4224-898F-ED61641F7403\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_n9k-x9636q-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3EB1F2-F964-4D4E-BDE7-8E6805105152\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i3\",\"matchCriteriaId\":\"93C9AFED-1347-4B0E-B031-AF5EA891B9BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\\\\(3\\\\)i4\",\"versionEndExcluding\":\"7.0\\\\(3\\\\)i7\\\\(1\\\\)\",\"matchCriteriaId\":\"15C899EF-A64F-4FD8-851C-1D4E2929BAF4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_172tq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38AC6D08-C547-44A3-AC77-A63DB58E4889\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528ED62B-D739-4E06-AC64-B506FD73BBAB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AC2BAD-F536-48D0-A2F0-D4E290519EB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4226DA0-9371-401C-8247-E6E636A116C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3DBBFE9-835C-4411-8492-6006E74BAC65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED628B5-97A8-4B26-AA40-BEC854982157\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB9DD73-E31D-4921-A6D6-E14E04703588\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4532F513-0543-4960-9877-01F23CA7BA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B43502B-FD53-465A-B60F-6A359C6ACD99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652A2849-668D-4156-88FB-C19844A59F33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F80A72-AD54-4699-B8AE-82715F0B58E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088C0323-683A-44F5-8D42-FF6EC85D080E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CB4002-7636-4382-B33E-FBA060A13C34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57572E4A-78D5-4D1A-938B-F05F01759612\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_c36180yc-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C9D4C48-4D01-4761-B2D8-F16E90F78560\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndExcluding\":\"7.3\\\\(3\\\\)n1\\\\(1\\\\)\",\"matchCriteriaId\":\"D75479AD-9847-497C-9438-AA82D91B6F71\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_6001p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EAD169-9036-496E-B740-45D79546F6D6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_6001t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E01F0DE-EA8A-451F-BADF-1A7A48B0C633\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02DD5791-E4D3-475C-84B0-E642ACFC5EB6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041169\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1041169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041169\", \"name\": \"1041169\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:21:15.296Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-0307\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-29T14:42:13.172512Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-29T14:42:41.051Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Cisco NX-OS unknown\", \"versions\": [{\"status\": \"affected\", \"version\": \"Cisco NX-OS unknown\"}]}], \"datePublic\": \"2018-06-20T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1041169\", \"name\": \"1041169\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2018-06-23T09:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Cisco NX-OS unknown\"}]}, \"product_name\": \"Cisco NX-OS unknown\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\", \"name\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1041169\", \"name\": \"1041169\", \"refsource\": \"SECTRACK\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-0307\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@cisco.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-0307\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-29T15:01:26.265Z\", \"dateReserved\": \"2017-11-27T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-06-20T21:00:00\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.