PT-2013-1661 · Cisco · Cisco Nx-Os+1

Published 2013-10-05 · Updated 2016-09-22 · CVE-2012-4141

CVSS v2.0: 6.2 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS (affected versions not specified)

Description

A directory traversal issue in the CLI parser of Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the file name parameter. The cause is improper filtering of the file name input. An attacker could exploit this by including a relative path in the file name parameter, potentially allowing them to write arbitrary scripts to any part of the file system. The attacker requires authenticated access to the targeted system, which may limit the likelihood of a successful exploit.

Recommendations

To resolve the issue, update to a version of Cisco NX-OS that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the CLI parser or limiting the ability to create files in sensitive locations until a patch is available. Avoid using relative pathnames in the file name parameter until the issue is resolved.


Related Identifiers

CVE-2012-4141

Affected Products

Cisco Nx-Os
Cisco Nexus