ID de Prueba:	1.3.6.1.4.1.25623.1.0.105703
Categoría:	CISCO
Título:	Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability (Cisco-SA-20150630-CVE-2015-4232)
Resumen:	A local privilege escalation vulnerability in the command-line; interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute; arbitrary commands on the underlying operating system with user privileges.
Descripción:	Summary: A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges. Vulnerability Insight: The vulnerability exists due to insufficient input sanitization of parameters passed to the tar command on the command-line interpreter of an affected device. Vulnerability Impact: An attacker could leverage this behavior to execute arbitrary commands on the underlying operating system with the privileges of the user authenticated to the device. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4232 BugTraq ID: 75503 http://www.securityfocus.com/bid/75503 Cisco Security Advisory: 20150630 Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39569 http://www.securitytracker.com/id/1032764
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.