PT-2015-2236 · Cisco · Cisco Nx-Os+1

Published: 2015-06-30 · Updated: 2016-12-28 · CVE-2015-4232

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS version 6.2(10)

Description: The issue is related to insufficient access control to files in the network operating system, allowing a local attacker to execute arbitrary OS commands by passing special parameters. This is due to insufficient input sanitization of parameters passed to the tar command in the command-line interpreter. An attacker with local access and authentication to the device can leverage this behavior to execute arbitrary commands on the underlying operating system with user privileges.

Recommendations: For Cisco NX-OS version 6.2(10), update to a newer version that includes the fix for this issue, as confirmed by Cisco. As a temporary workaround, consider restricting access to the tar command until a patch is available. Additionally, limit local access and authentication to the device to minimize the risk of exploitation.

Fix

LPE


Weakness Enumeration

Related Identifiers

BDU:2015-11582
CVE-2015-4232

Affected Products

Cisco Nx-Os
Cisco Nexus