CVE-2015-0658

Cisco NX-OS - Remote Code Execution via DHCP POAP Response Packet

Title source: llm
STIX 2.1

Description

The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031992
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=38062

Scores

EPSS 0.0113
EPSS Percentile 62.6%

Details

CWE
CWE-20
Status published
Products (50)
cisco/nx-os 6.1\(2\)
cisco/nx-os 6.1\(3\)
cisco/nx-os 6.1\(4\)
cisco/nx-os 6.1\(4a\)
cisco/nx-os 6.2\(2\)
cisco/nx-os 6.2\(2a\)
cisco/nx-os 6.2\(6\)
cisco/nx-os 6.2\(6b\)
cisco/nx-os 6.2\(8\)
cisco/nx-os 6.2\(8a\)
... and 40 more
Published Mar 28, 2015
Tracked Since Feb 18, 2026