CVE-2015-4237
Last modified
CVE-2015-4237 is a vulnerability of currently unknown severity. The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | 7.2\(0\)zz\(99.3\) |
| Cisco | Nx-Os | 7.2\(0\)zz\(99.1\) |
| Cisco | Nx-Os | 6.2\(11b\) |
| Cisco | Nx-Os | 9.1\(1\)sv1\(3.1.8\) |
| Cisco | Nx-Os | 6.2\(12\) |
| Cisco | Nx-Os | 4.1\(2\)e1\(1\) |
References
- http://www.securitytracker.com/id/1032775Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1032775Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-4237?
How severe is CVE-2015-4237?
How do I fix CVE-2015-4237?
Are you affected by CVE-2015-4237?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST