The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Cisco NX-OS: privilege escalation via CLI Command Injection

Synthesis of the vulnerability 

An attacker can bypass restrictions via CLI Command Injection of Cisco NX-OS, in order to escalate his privileges.
Impacted software: Nexus by Cisco, NX-OS.
Severity of this computer vulnerability: 2/4.
Creation date: 20/03/2019.
Références of this announce: cisco-sa-20190306-nxos-cmdinj-1613, CSCvj63807, CSCvj65654, CSCvk50903, CSCvk50906, CVE-2019-1613, VIGILANCE-VUL-28780.

Description of the vulnerability 

An attacker can bypass restrictions via CLI Command Injection of Cisco NX-OS, in order to escalate his privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability bulletin impacts software or systems such as Nexus by Cisco, NX-OS.

Our Vigil@nce team determined that the severity of this security note is medium.

The trust level is of type confirmed by the editor, with an origin of user console.

An attacker with a expert ability can exploit this cybersecurity note.

Solutions for this threat 

Cisco NX-OS: solution CSCvj63807 CSCvj65654 CSCvk50903 CSCvk50906.
The solution is described on the Cisco site:
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj63807
  https://tools.cisco.com/bugsearch/bug/CSCvj63807
  https://tools.cisco.com/quickview/bug/CSCvj63807
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj65654
  https://tools.cisco.com/bugsearch/bug/CSCvj65654
  https://tools.cisco.com/quickview/bug/CSCvj65654
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk50903
  https://tools.cisco.com/bugsearch/bug/CSCvk50903
  https://tools.cisco.com/quickview/bug/CSCvk50903
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk50906
  https://tools.cisco.com/bugsearch/bug/CSCvk50906
  https://tools.cisco.com/quickview/bug/CSCvk50906
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a cybersecurity note. The technology watch team tracks security threats targeting the computer system.