CVE-2012-4077

Name of the Vulnerable Software and Affected Versions Cisco NX-OS (affected versions not specified)

Description A vulnerability in input parsing in Cisco NX-OS Software could allow an authenticated, local attacker to execute commands on the underlying operating system. The issue is due to improper filtering of parameters passed to the Stream Editor (sed) filter, specifically when using sed with the e option. A successful exploit could allow the attacker to access the bash shell and run arbitrary shell commands with administrative privileges. To exploit this vulnerability, an attacker requires authenticated access to the targeted system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.