RCE in Cisco Mds_9100

CVE-2015-4237

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (44.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References

1032775 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150701 Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)