CVE-2018-0307 : A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-inj

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker, authenticated as a privileged user, to execute arbitrary commands with root privileges. Note: On products that support multiple virtual device contexts (VDC), this vulnerability could allow an attacker to access files from any VDC. This vulnerability affects Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51704, CSCve91749, CSCve91768.

Published 2018-06-20 21:29:01

Updated 2020-09-04 15:59:07

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Exploit prediction scoring system (EPSS) score for CVE-2018-0307

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-0307

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-0307

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: ykramarz@cisco.com (Secondary)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-0307

http://www.securitytracker.com/id/1041169

Cisco NX-OS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code and Let Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection

Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability
Vendor Advisory

Products affected by CVE-2018-0307

Cisco » Nx-os
Versions from including (>=) 7.0\(3\)i4 and before (<) 7.0\(3\)i7\(1\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 92160yc-x » Version: N/A
When used together with: Cisco » Nexus 92304qc » Version: N/A
When used together with: Cisco » Nexus 9236c » Version: N/A
When used together with: Cisco » Nexus 9272q » Version: N/A
When used together with: Cisco » Nexus 93108tc-ex » Version: N/A
When used together with: Cisco » Nexus 93120tx » Version: N/A
When used together with: Cisco » Nexus 93128tx » Version: N/A
When used together with: Cisco » Nexus 93180yc-ex » Version: N/A
When used together with: Cisco » Nexus 9332pq » Version: N/A
When used together with: Cisco » Nexus 9372px » Version: N/A
When used together with: Cisco » Nexus 9372tx » Version: N/A
When used together with: Cisco » Nexus 9396px » Version: N/A
When used together with: Cisco » Nexus 9396tx » Version: N/A
When used together with: Cisco » Nexus 9504 » Version: N/A
When used together with: Cisco » Nexus 9508 » Version: N/A
When used together with: Cisco » Nexus 9516 » Version: N/A
When used together with: Cisco » Nexus N9k-c9508-fm-r » Version: N/A
When used together with: Cisco » Nexus N9k-x9636c-r » Version: N/A
When used together with: Cisco » Nexus N9k-x9636q-r » Version: N/A
Cisco » Nx-os
Versions before (<) 7.0\(3\)i3
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 92160yc-x » Version: N/A
When used together with: Cisco » Nexus 92304qc » Version: N/A
When used together with: Cisco » Nexus 9236c » Version: N/A
When used together with: Cisco » Nexus 9272q » Version: N/A
When used together with: Cisco » Nexus 93108tc-ex » Version: N/A
When used together with: Cisco » Nexus 93120tx » Version: N/A
When used together with: Cisco » Nexus 93128tx » Version: N/A
When used together with: Cisco » Nexus 93180yc-ex » Version: N/A
When used together with: Cisco » Nexus 9332pq » Version: N/A
When used together with: Cisco » Nexus 9372px » Version: N/A
When used together with: Cisco » Nexus 9372tx » Version: N/A
When used together with: Cisco » Nexus 9396px » Version: N/A
When used together with: Cisco » Nexus 9396tx » Version: N/A
When used together with: Cisco » Nexus 9504 » Version: N/A
When used together with: Cisco » Nexus 9508 » Version: N/A
When used together with: Cisco » Nexus 9516 » Version: N/A
When used together with: Cisco » Nexus N9k-c9508-fm-r » Version: N/A
When used together with: Cisco » Nexus N9k-x9636c-r » Version: N/A
When used together with: Cisco » Nexus N9k-x9636q-r » Version: N/A
Cisco » Nx-os
Versions from including (>=) 6.2 and before (<) 8.1\(2\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 7000 » Version: N/A
When used together with: Cisco » Nexus 7700 » Version: N/A
Cisco » Nx-os
Versions from including (>=) 6.0 and before (<) 7.3\(3\)n1\(1\)
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 5000 » Version: N/A
When used together with: Cisco » Nexus 5010 » Version: N/A
When used together with: Cisco » Nexus 5020 » Version: N/A
When used together with: Cisco » Nexus 5548p » Version: N/A
When used together with: Cisco » Nexus 5548up » Version: N/A
When used together with: Cisco » Nexus 5596t » Version: N/A
When used together with: Cisco » Nexus 5596up » Version: N/A
When used together with: Cisco » Nexus 56128p » Version: N/A
When used together with: Cisco » Nexus 5624q » Version: N/A
When used together with: Cisco » Nexus 5648q » Version: N/A
When used together with: Cisco » Nexus 5672up » Version: N/A
When used together with: Cisco » Nexus 5696q » Version: N/A
Cisco » Nx-os » Version: 8.2
cpe:2.3:o:cisco:nx-os:8.2:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 7000 » Version: N/A
When used together with: Cisco » Nexus 7700 » Version: N/A
Cisco » Nx-os » Version: 7.0
cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 9500 » Version: N/A

Vulnerability Details : CVE-2018-0307

Exploit prediction scoring system (EPSS) score for CVE-2018-0307

CVSS scores for CVE-2018-0307

CWE ids for CVE-2018-0307

References for CVE-2018-0307

Products affected by CVE-2018-0307