CVE-2018-0293

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software (affected versions not specified)

Description: A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is due to incorrect RBAC privilege assignment for certain CLI commands. An attacker could exploit this vulnerability by authenticating to a device as a nonadministrative user and executing specific commands from the CLI. An exploit could allow the attacker to run commands that should be restricted to administrative users. These commands could modify the configuration or boot image on the device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.