Description
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.
References (1)
Core 1
Core References
Scores
CVSS v3
4.4
EPSS
0.0009
EPSS Percentile
24.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-78
Status
published
Products (50)
Cisco/Cisco NX-OS Software
10.1(1)
Cisco/Cisco NX-OS Software
10.1(2)
Cisco/Cisco NX-OS Software
10.1(2t)
Cisco/Cisco NX-OS Software
10.2(1)
Cisco/Cisco NX-OS Software
10.2(1q)
Cisco/Cisco NX-OS Software
10.2(2)
Cisco/Cisco NX-OS Software
10.2(2a)
Cisco/Cisco NX-OS Software
10.2(3)
Cisco/Cisco NX-OS Software
10.2(3t)
Cisco/Cisco NX-OS Software
10.2(3v)
... and 40 more
Published
Aug 28, 2024
Tracked Since
Feb 18, 2026