1. Home
  2. CVE Database
  3. CVE-2015-0658
HIGH · 7.9

CVE-2015-0658

The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary command...

Vulnerability Description

The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

CVSS Score

7.9

HIGH

AV:A/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
CiscoNx-Os6.1\(2\)
CiscoNexus 7000All versions
CiscoNexus 7700All versions
CiscoNexus 5010All versions
CiscoNexus 5020All versions
CiscoNexus 5548PAll versions
CiscoNexus 5548UpAll versions
CiscoNexus 5596TAll versions
CiscoNexus 5596UpAll versions
CiscoNexus 56128PAll versions
CiscoNexus 5624QAll versions
CiscoNexus 5648QAll versions
CiscoNexus 5672UpAll versions
CiscoNexus 5696QAll versions
CiscoNexus 6001All versions
CiscoNexus 6004All versions
CiscoNexus 93120TxAll versions
CiscoNexus 93128TxAll versions
CiscoNexus 9332PqAll versions
CiscoNexus 9336Pq Aci SpineAll versions

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2015-0658?

CVE-2015-0658 is a vulnerability with a CVSS score of 7.9 (HIGH). The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary command...

How severe is CVE-2015-0658?

CVE-2015-0658 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0658?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 7000, Cisco Nexus 7700, Cisco Nexus 5010, Cisco Nexus 5020.