Vulnerability CVE-2015-0658
Published: 2015-03-27   Modified: 2015-03-28

Description:
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

CVSS2 => (AV:A/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.9/10
10/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Nx-os 

 References:
http://www.securitytracker.com/id/1031992
http://tools.cisco.com/security/center/viewAlert.x?alertId=38062
Copyright 2024, cxsecurity.com

 

Back to Top