CVE-2015-0658
Cisco NX-OS - Remote Code Execution via DHCP POAP Response Packet
Title source: llmDescription
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031992
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=38062
Scores
EPSS
0.0113
EPSS Percentile
62.6%
Details
CWE
CWE-20
Status
published
Products (50)
cisco/nx-os
6.1\(2\)
cisco/nx-os
6.1\(3\)
cisco/nx-os
6.1\(4\)
cisco/nx-os
6.1\(4a\)
cisco/nx-os
6.2\(2\)
cisco/nx-os
6.2\(2a\)
cisco/nx-os
6.2\(6\)
cisco/nx-os
6.2\(6b\)
cisco/nx-os
6.2\(8\)
cisco/nx-os
6.2\(8a\)
... and 40 more
Published
Mar 28, 2015
Tracked Since
Feb 18, 2026