Test ID:	1.3.6.1.4.1.25623.1.0.105701
Category:	CISCO
Title:	Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability (Cisco-SA-20150701-CVE-2015-4237)
Summary:	A vulnerability in the Command Line Interface (CLI) parser of; Cisco Nexus Operating System (NX-OS) devices could allow an authenticated, local attacker to; perform a privilege escalation.
Description:	Summary: A vulnerability in the Command Line Interface (CLI) parser of Cisco Nexus Operating System (NX-OS) devices could allow an authenticated, local attacker to perform a privilege escalation. Vulnerability Insight: The vulnerability is due to improper input validation of special characters within filenames. An attacker could exploit this vulnerability by authenticating at the local shell and writing a file to disk with certain special characters. The attacker could then use that file with other CLI commands to obtain a shell prompt at their current privilege level. Vulnerability Impact: An exploit could allow the attacker to read and write files and perform other privileged commands. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4237 Cisco Security Advisory: 20150701 Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39583 http://www.securitytracker.com/id/1032775
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.