CVE-2015-4237
Severity Score
4.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
El analizador sintáctico CLI en Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), y 9.1(1)SV1(3.1.8) en los dispositivos Nexus permite a usuarios locales ejecutar comandos del sistema operativo arbitrarios a través de caracteres manipulados en un nombre de fichero, también conocido como Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, y CSCuv08436.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-06-04 CVE Reserved
- 2015-07-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1032775 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=39583 | 2016-12-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93120tx Search vendor "Cisco" for product "Nexus 93120tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 93128tx Search vendor "Cisco" for product "Nexus 93128tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9332pq Search vendor "Cisco" for product "Nexus 9332pq" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9336pq Aci Spine Search vendor "Cisco" for product "Nexus 9336pq Aci Spine" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372px Search vendor "Cisco" for product "Nexus 9372px" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9372tx Search vendor "Cisco" for product "Nexus 9372tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9396px Search vendor "Cisco" for product "Nexus 9396px" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9396tx Search vendor "Cisco" for product "Nexus 9396tx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9504 Search vendor "Cisco" for product "Nexus 9504" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9508 Search vendor "Cisco" for product "Nexus 9508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.3\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.3\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9516 Search vendor "Cisco" for product "Nexus 9516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3016 Search vendor "Cisco" for product "Nexus 3016" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3048 Search vendor "Cisco" for product "Nexus 3048" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3064 Search vendor "Cisco" for product "Nexus 3064" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3132q Search vendor "Cisco" for product "Nexus 3132q" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3164q Search vendor "Cisco" for product "Nexus 3164q" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3172 Search vendor "Cisco" for product "Nexus 3172" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3232c Search vendor "Cisco" for product "Nexus 3232c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3524 Search vendor "Cisco" for product "Nexus 3524" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3548 Search vendor "Cisco" for product "Nexus 3548" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 6.2\(11b\) Search vendor "Cisco" for product "Nx-os" and version "6.2\(11b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Mds 9100 Search vendor "Cisco" for product "Mds 9100" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 6.2\(11b\) Search vendor "Cisco" for product "Nx-os" and version "6.2\(11b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Mds 9140 Search vendor "Cisco" for product "Mds 9140" | * | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 6.2\(11b\) Search vendor "Cisco" for product "Nx-os" and version "6.2\(11b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Mds 9500 Search vendor "Cisco" for product "Mds 9500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 6.2\(11b\) Search vendor "Cisco" for product "Nx-os" and version "6.2\(11b\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Mds 9700 Search vendor "Cisco" for product "Mds 9700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 9.1\(1\)sv1\(3.1.8\) Search vendor "Cisco" for product "Nx-os" and version "9.1\(1\)sv1\(3.1.8\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 1000v Search vendor "Cisco" for product "Nexus 1000v" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5548p Search vendor "Cisco" for product "Nexus 5548p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5548up Search vendor "Cisco" for product "Nexus 5548up" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5596t Search vendor "Cisco" for product "Nexus 5596t" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5596up Search vendor "Cisco" for product "Nexus 5596up" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 56128p Search vendor "Cisco" for product "Nexus 56128p" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5624q Search vendor "Cisco" for product "Nexus 5624q" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5648q Search vendor "Cisco" for product "Nexus 5648q" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5672up Search vendor "Cisco" for product "Nexus 5672up" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 7.2\(0\)zz\(99.1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(0\)zz\(99.1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 5696q Search vendor "Cisco" for product "Nexus 5696q" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 6.2\(12\) Search vendor "Cisco" for product "Nx-os" and version "6.2\(12\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7000 Search vendor "Cisco" for product "Nexus 7000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 6.2\(12\) Search vendor "Cisco" for product "Nx-os" and version "6.2\(12\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 7700 Search vendor "Cisco" for product "Nexus 7700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | 4.1\(2\)e1\(1\) Search vendor "Cisco" for product "Nx-os" and version "4.1\(2\)e1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 4001i Search vendor "Cisco" for product "Nexus 4001i" | - | - |
Safe
|