CVE-2018-0330

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description A vulnerability in the NX-API management application programming interface (API) could allow an authenticated, remote attacker to execute commands with elevated privileges. The issue is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment, potentially allowing the execution of commands with elevated privileges. This affects devices configured to use the NX-API feature, including various Cisco switch series.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.