A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555.
2017-05-22T01:29:00.760
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | nx-os | 7.1\(1\)n1\(1\) | Yes |
| Operating System | cisco | nx-os | 7.1\(2\)n1\(1\) | Yes |
| Operating System | cisco | nx-os | 7.1\(3\)n1\(1\) | Yes |
| Operating System | cisco | nx-os | 7.1\(3\)n1\(2\) | Yes |
| Operating System | cisco | nx-os | 7.1\(3\)n1\(2.1\) | Yes |
| Operating System | cisco | nx-os | 7.1\(3\)n1\(3.12\) | Yes |
| Operating System | cisco | nx-os | 7.1\(4\)n1\(1\) | Yes |
| Operating System | cisco | nx-os | 7.2\(0\)d1\(0.437\) | Yes |
| Operating System | cisco | nx-os | 7.2\(0\)n1\(1\) | Yes |
| Operating System | cisco | nx-os | 7.2\(0\)zz\(99.1\) | Yes |
| Operating System | cisco | nx-os | 7.2\(1\)n1\(1\) | Yes |
| Operating System | cisco | nx-os | 7.3\(0\)n1\(1\) | Yes |
| Hardware | cisco | nexus_5548up | - | No |
| Hardware | cisco | nexus_5596t | - | No |
| Hardware | cisco | nexus_5596up | - | No |
| Hardware | cisco | nexus_56128p | - | No |
| Hardware | cisco | nexus_5624q | - | No |
| Hardware | cisco | nexus_5648q | - | No |
| Hardware | cisco | nexus_5672up | - | No |
| Hardware | cisco | nexus_5672up-16g | - | No |
| Hardware | cisco | nexus_5696q | - | No |