Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation (CVE-2015-4232)

Severity: High. Tenable OT Security Plugin ID 501361

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://tools.cisco.com/security/center/viewAlert.x?alertId=39569

http://www.securityfocus.com/bid/75503

http://www.securitytracker.com/id/1032764

Plugin Details

Severity: High

ID: 501361

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 7/25/2023

Updated: 12/25/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-4232

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os:6.2%2810%29

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 7/3/2015

Vulnerability Publication Date: 7/3/2015

Reference Information

CVE: CVE-2015-4232

CWE: 264