Command Injection Vulnerability in Cisco NX-OS for Nexus 1000V Devices
CVE-2013-3400

Currently unrated

Key Information:

Vendor: Cisco
Status: Nx-os; Nexus 1000v
Vendor: CVE Published:; 10 July 2013

Summary

A command injection vulnerability exists in the license-installation module of Cisco NX-OS on Nexus 1000V devices. This flaw allows local users to execute arbitrary commands by supplying specially crafted arguments to the 'install license' function. Unauthorized command execution can lead to potential system compromise, making it crucial for users to apply security patches and implement proper access controls to mitigate risks associated with this vulnerability.

References

http://www.securitytracker.com/id/1028763

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 10, 2013
Vulnerability Reserved
May 6, 2013