Role-Based Access Control Flaw in Cisco NX-OS Software
CVE-2018-0293

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Nx-os Unknown
Vendor
CVE Published:
20 June 2018

Summary

A flaw in the role-based access control (RBAC) system of Cisco NX-OS Software enables authenticated remote attackers to execute restricted CLI commands. This vulnerability arises from improper RBAC privilege assignments, allowing nonadministrative users to perform actions typically reserved for admins. An attacker with valid user credentials could exploit this to modify device configurations or boot images, raising significant security concerns for affected network infrastructures, including various Nexus and MDS series switches.

Affected Version(s)

Cisco NX-OS unknown Cisco NX-OS unknown

References

http://www.securityfocus.com/bid/104520
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041169
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.