MEDIUM · 4.6

CVE-2015-4237

Vulnerability Description

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.

CVSS Score

4.6 MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Cisco | Nx-Os | 7.2(0)zz(99.3)
Cisco | Nexus 93120Tx | -
Cisco | Nexus 93128Tx | -
Cisco | Nexus 9332Pq | -
Cisco | Nexus 9336Pq Aci Spine | -
Cisco | Nexus 9372Px | -
Cisco | Nexus 9372Tx | -
Cisco | Nexus 9396Px | -
Cisco | Nexus 9396Tx | -
Cisco | Nexus 9504 | -
Cisco | Nexus 9508 | -
Cisco | Nexus 9516 | -
Cisco | Nexus 3016 | -
Cisco | Nexus 3048 | -
Cisco | Nexus 3064 | -
Cisco | Nexus 3132Q | -
Cisco | Nexus 3164Q | -
Cisco | Nexus 3172 | -
Cisco | Nexus 3232C | -
Cisco | Nexus 3524 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2015-4237?

CVE-2015-4237 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted char...

How severe is CVE-2015-4237?

CVE-2015-4237 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2015-4237?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 93120Tx, Cisco Nexus 93128Tx, Cisco Nexus 9332Pq, Cisco Nexus 9336Pq Aci Spine.