The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/viewAlert.x?alertId=38062 | Vendor Advisory |
http://www.securitytracker.com/id/1031992 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
No history.
Information
Published : 2015-03-28 01:59
Updated : 2024-02-28 12:20
NVD link : CVE-2015-0658
Mitre link : CVE-2015-0658
CVE.ORG link : CVE-2015-0658
JSON object : View
Products Affected
cisco
- nexus_7000
- nexus_9332pq
- nexus_5648q
- nexus_3548
- nexus_5596up
- nexus_9336pq_aci_spine
- nexus_3172
- nexus_9396tx
- nexus_9372tx
- nexus_9516
- nexus_93128tx
- nexus_5548up
- nexus_6001
- nexus_3048
- nx-os
- nexus_3064
- nexus_3524
- nexus_9508
- nexus_5672up
- nexus_7700
- nexus_6004
- nexus_9504
- nexus_5010
- nexus_5548p
- nexus_5020
- nexus_93120tx
- nexus_9396px
- nexus_5696q
- nexus_56128p
- nexus_3132q
- nexus_5624q
- nexus_3016
- nexus_3164q
- nexus_9372px
- nexus_5596t
CWE
CWE-20
Improper Input Validation