CVE-2013-3400

Name of the Vulnerable Software and Affected Versions Cisco NX-OS on Nexus 1000V devices (affected versions not specified)

Description The issue allows local users to execute arbitrary commands via crafted arguments to the install license command. This is due to a failure to properly validate user-supplied input. An attacker could exploit this by providing crafted arguments to the install license command. The vulnerability can be exploited by authenticated, local attackers who have sufficient privileges to execute the vulnerable command.

Recommendations For all affected versions, update to a version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the install license command to minimize the risk of exploitation.