Improper input validation in Cisco Nexus_3016

CVE-2015-0658

The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response p…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.005 (65.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

1031992 (vdb-entry, x_refsource_SECTRACK)
20150327 Cisco NX-OS Software DHCP Options Command Injection Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)