
Cisco Nexus Devices Python Subsystem Local Privilege Escalation Vulnerabilities

Cisco-SA-20150630-CVE-2015-4234 · Medium · Published · Updated

Multiple privilege escalation vulnerabilities in the Python subsystem of Cisco Nexus devices running Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges.

The vulnerabilities are due to insufficient hardening of the operating system on which NX-OS is based. An attacker who has sufficient privileges to execute arbitrary Python scripts on an affected device could use this access to obtain root privileges. Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit these vulnerabilities, an attacker must have local access and authenticate to the targeted device. These requirements could limit the possibility of a successful exploit.

Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2015-4234
Cisco Bug IDs: CSCun02887, CSCur00115, CSCur00127
CVSS Score: Base 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C)
Product Names From Source: Cisco MDS SAN-OS Software

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco MDS SAN-OS Software | CVE-2015-4234 | Cisco OpenVuln |
| Cisco NX-OS Software | CVE-2015-4234 | Cisco OpenVuln |
| Cisco MDS 9000 Blade Switches | CVE-2015-4234 | Cisco OpenVuln |
| Cisco MDS 9020 Fabric Switches | CVE-2015-4234 | Cisco OpenVuln |