CVE-2015-4237

Cisco NX-OS - OS Command Injection via CLI Parser Filename Handling

Title source: llm
STIX 2.1

Description

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032775
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39583

Scores

EPSS 0.0043
EPSS Percentile 34.2%

Details

CWE
CWE-264 CWE-78
Status published
Products (6)
cisco/nx-os 7.2\(0\)zz\(99.3\)
cisco/nx-os 7.2\(0\)zz\(99.1\)
cisco/nx-os 6.2\(11b\)
cisco/nx-os 9.1\(1\)sv1\(3.1.8\)
cisco/nx-os 6.2\(12\)
cisco/nx-os 4.1\(2\)e1\(1\)
Published Jul 03, 2015
Tracked Since Feb 18, 2026