CVE-2015-0721

Name of the Vulnerable Software and Affected Versions Cisco NX-OS versions 4.0 through 7.3

Description The issue allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation. This is due to the improper processing of certain parameters passed to an affected device during the negotiation of an SSH connection. An attacker could exploit this by authenticating to an affected device and passing a malicious value as part of the login procedure, potentially allowing them to execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role.

Recommendations For Cisco NX-OS versions 4.0 through 7.3, update to a version that includes the software updates released by Cisco to address this issue.