PT-2014-3779 · Cisco · Cisco Nx-Os+1
Published
2014-05-06
·
Updated
2014-05-07
·
CVE-2014-0684
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS version 6.2(2)
Description
A denial of service condition can be caused by an authenticated, local attacker on affected devices due to an error in input validation for the
sed command. The attacker could exploit this by passing crafted input to the sed command, allowing them to cause a denial of service condition. This vulnerability requires local access to the targeted device, reducing the likelihood of a successful exploit.Recommendations
For Cisco NX-OS version 6.2(2), update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the
sed command to minimize the risk of exploitation.Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Nx-Os
Cisco Nexus