CVE-2018-0337
Description
A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.127
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For CiscoPro Workgroup EtherSwitch Software | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7000 10-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7000 18-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7000 9-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7000 4-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9710 Multilayer Director | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9250i Multiservice Fabric Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7700 10-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7700 18-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7700 6-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9148S 16G Multilayer Fabric Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9706 Multilayer Director | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 7700 2-Slot Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9396S 16G Multilayer Fabric Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9132T 32-Gbps 32-Port Fibre Channel Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9148T 32-Gbps 48-Port Fibre Channel Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco MDS 9396T 32-Gbps 96-Port Fibre Channel Switch | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 1000V Switch for VMware vSphere | NCM |
| Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability For Cisco Nexus 9000 Series Switches | NCM |
| Incorrect Authorization Vulnerability (CVE-2018-0337) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1705011 | Security Update for Cisco Nexus 7000 10-Slot Switch 8.4(2) |
| PATCH-1705012 | Security Update for Cisco Nexus 7000 18-Slot Switch 8.4(2) |
| PATCH-1705013 | Security Update for Cisco Nexus 7000 9-Slot Switch 8.4(2) |
| PATCH-1705014 | Security Update for Cisco Nexus 7000 4-Slot Switch 8.4(2) |
| PATCH-1705015 | Security Update for Cisco MDS 9710 Multilayer Director 8.4(2) |
| PATCH-1705016 | Security Update for Cisco MDS 9250i Multiservice Fabric Switch 8.4(2) |
| PATCH-1705017 | Security Update for Cisco Nexus 7700 10-Slot Switch 8.4(2) |
| PATCH-1705018 | Security Update for Cisco Nexus 7700 18-Slot Switch 8.4(2) |
| PATCH-1705019 | Security Update for Cisco Nexus 7700 6-Slot Switch 8.4(2) |
| PATCH-1705020 | Security Update for Cisco MDS 9148S 16G Multilayer Fabric Switch 8.4(2) |
| PATCH-1705021 | Security Update for Cisco MDS 9706 Multilayer Director 8.4(2) |
| PATCH-1705022 | Security Update for Cisco Nexus 7700 2-Slot Switch 8.4(2) |
| PATCH-1705023 | Security Update for Cisco MDS 9396S 16G Multilayer Fabric Switch 8.4(2) |
| PATCH-1705024 | Security Update for Cisco MDS 9132T 32-Gbps 32-Port Fibre Channel Switch 8.4(2) |
| PATCH-1705025 | Security Update for Cisco MDS 9148T 32-Gbps 48-Port Fibre Channel Switch 8.4(2) |
| PATCH-1705026 | Security Update for Cisco MDS 9396T 32-Gbps 96-Port Fibre Channel Switch 8.4(2) |
| PATCH-1705949 | Security Update for Cisco Nexus 1000V Switch for VMware vSphere 5.2(1)SV3(3.1) |
| PATCH-1706000 | Security Update for Cisco Nexus 9000 Series Switches 15.1(4c) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234