Test ID:	1.3.6.1.4.1.25623.1.0.105703
Category:	CISCO
Title:	Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability (Cisco-SA-20150630-CVE-2015-4232)
Summary:	A local privilege escalation vulnerability in the command-line; interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute; arbitrary commands on the underlying operating system with user privileges.
Description:	Summary: A local privilege escalation vulnerability in the command-line interpreter of Cisco Nexus devices could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges. Vulnerability Insight: The vulnerability exists due to insufficient input sanitization of parameters passed to the tar command on the command-line interpreter of an affected device. Vulnerability Impact: An attacker could leverage this behavior to execute arbitrary commands on the underlying operating system with the privileges of the user authenticated to the device. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4232 BugTraq ID: 75503 http://www.securityfocus.com/bid/75503 Cisco Security Advisory: 20150630 Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39569 http://www.securitytracker.com/id/1032764
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.