PT-2013-5637 · Microsoft+2 · Hyper-V+4

Published 2013-11-15 · Updated 2013-11-20 · CVE-2013-5556

CVSS v2.0 6.8 Medium

Vector AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Nexus 1000V switch versions 4.2(1)SV1(5.2b) and earlier for VMware vSphere
Cisco Nexus 1000V switch version 5.2(1)SM1(5.1) for Microsoft Hyper-V
Cisco Virtual Security Gateway version 4.2(1)VSG1(1) for Nexus 1000V switches

Description

The issue allows local users to gain privileges and execute arbitrary commands via crafted install all iso arguments. The install all iso command fails to properly validate user-supplied input, so an attacker could exploit this by providing crafted arguments to the command. Exploitation requires an authenticated attacker with local access to the targeted device.

Recommendations

For Cisco Nexus 1000V switch versions 4.2(1)SV1(5.2b) and earlier for VMware vSphere, update to a version that includes the fix for this issue.
For Cisco Nexus 1000V switch version 5.2(1)SM1(5.1) for Microsoft Hyper-V, update to a version that includes the fix for this issue.
For Cisco Virtual Security Gateway version 4.2(1)VSG1(1) for Nexus 1000V switches, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the install all iso command until a patch is available.

Related Identifiers

CVE-2013-5556

Affected Products

Cisco Nexus
Cisco Nexus 1000V
Cisco Virtual Security Gateway
Hyper-V
VMware vSphere