CVE-2018-0307

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software versions (affected versions not specified)

Description: The issue is due to insufficient input validation of command arguments in the CLI of Cisco NX-OS Software, allowing an authenticated, local attacker to perform a command-injection attack. This could enable the attacker to execute arbitrary commands with root privileges. On products that support multiple virtual device contexts (VDC), this issue could also allow an attacker to access files from any VDC.

Recommendations: For Nexus 2000 Series Fabric Extenders, update to a fixed software version. For Nexus 3000 Series Switches, update to a fixed software version. For Nexus 3500 Platform Switches, update to a fixed software version. For Nexus 3600 Platform Switches, update to a fixed software version. For Nexus 5500 Platform Switches, update to a fixed software version. For Nexus 5600 Platform Switches, update to a fixed software version. For Nexus 6000 Series Switches, update to a fixed software version. For Nexus 7000 Series Switches, update to a fixed software version. For Nexus 7700 Series Switches, update to a fixed software version. For Nexus 9000 Series Switches in standalone NX-OS mode, update to a fixed software version. For Nexus 9500 R-Series Line Cards and Fabric Modules, update to a fixed software version. As a temporary workaround, consider restricting access to the CLI until a patch is available.