APP: Cisco NX-OS Privilege Escalation
This signature detects attempts to exploit a known flaw in Cisco NS-OS. The vulnerability is due to insufficient validation of CLI input containing the pipe character (|). Remote authenticated attackers can exploit this vulnerability by using specially crafted commands on a vulnerable system. Successful exploitation could cause execution of restricted commands, resulting in access to the underlying Linux operating system.
Extended Description
Cisco Nexus OS is prone to multiple local command-injection vulnerabilities. A local attacker can exploit these issues to execute arbitrary commands with administrative privileges. Successful exploits may compromise the affected computer. Cisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are vulnerable; other versions may also be affected.
Affected Products
Cisco nexus_3000,Cisco nx-os
Short Name
APP:CISCO:NX-OS-PRIV-ESC
Severity
Major
Recommended
False
Recommended Action
None
Category
APP
Keywords
CVE-2011-2569 Cisco Escalation NX-OS Privilege bid:50347
Release Date
11/02/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cisco
CVSS Score
6.8