Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-12520

Опубликовано: 27 авг. 2025
Источник: fstec
CVSS3: 4.4
CVSS2: 3.2
EPSS Низкий

Описание

Уязвимость интерфейса командной строки (CLI) операционной системы Cisco NX-OS связана с непринятием мер по нейтрализации специальных элементов, используемых в команде операционной системы. Эксплуатация уязвимости может позволить нарушителю получить доступ на чтение и запись произвольных файлов

Вендор

Cisco Systems Inc.

Наименование ПО

NX-OS

Версия ПО

9.2(1) (NX-OS)
7.0(3)F3(1) (NX-OS)
7.0(3)F3(2) (NX-OS)
7.0(3)F3(3) (NX-OS)
7.0(3)F3(3a) (NX-OS)
7.0(3)F3(4) (NX-OS)
7.0(3)F3(3c) (NX-OS)
7.0(3)F3(5) (NX-OS)
7.0(3)I4(4) (NX-OS)
7.0(3)I4(5) (NX-OS)
7.0(3)I4(6) (NX-OS)
7.0(3)I4(7) (NX-OS)
7.0(3)I4(8) (NX-OS)
7.0(3)I4(8a) (NX-OS)
7.0(3)I4(8b) (NX-OS)
7.0(3)I4(8z) (NX-OS)
7.0(3)I7(5a) (NX-OS)
7.0(3)I5(1) (NX-OS)
7.0(3)I5(2) (NX-OS)
7.0(3)I6(1) (NX-OS)
7.0(3)I6(2) (NX-OS)
7.0(3)I7(1) (NX-OS)
7.0(3)I7(2) (NX-OS)
7.0(3)I7(3) (NX-OS)
7.0(3)I7(4) (NX-OS)
7.0(3)I7(5) (NX-OS)
9.3(10) (NX-OS)
9.3(11) (NX-OS)
9.3(12) (NX-OS)
7.0(3)i4(9) (NX-OS)
7.0(3)i7(6) (NX-OS)
7.0(3)i7(7) (NX-OS)
7.0(3)i7(8) (NX-OS)
7.0(3)i7(9) (NX-OS)
7.0(3)i7(10) (NX-OS)
9.2(2) (NX-OS)
9.2(2t) (NX-OS)
9.2(2v) (NX-OS)
9.2(3) (NX-OS)
9.2(4) (NX-OS)
9.3(1) (NX-OS)
9.3(2) (NX-OS)
9.3(3) (NX-OS)
9.3(4) (NX-OS)
9.3(5) (NX-OS)
9.3(6) (NX-OS)
9.3(7) (NX-OS)
9.3(7a) (NX-OS)
9.3(8) (NX-OS)
9.3(9) (NX-OS)
10.1(1) (NX-OS)
10.1(2) (NX-OS)
10.1(2t) (NX-OS)
10.2(1) (NX-OS)
10.2(1q) (NX-OS)
10.2(2) (NX-OS)
10.2(3) (NX-OS)
10.2(3t) (NX-OS)
10.2(3v) (NX-OS)
10.2(4) (NX-OS)
10.2(5) (NX-OS)
10.2(6) (NX-OS)
10.3(1) (NX-OS)
10.3(2) (NX-OS)
10.3(3) (NX-OS)
10.3(99w) (NX-OS)
10.3(99x) (NX-OS)
10.4(1) (NX-OS)
7.0(3)I4(6t) (NX-OS)
7.0(3)I5(3) (NX-OS)
7.0(3)I5(3a) (NX-OS)
7.0(3)I5(3b) (NX-OS)
7.0(3)I7(3z) (NX-OS)
7.0(3)I7(6z) (NX-OS)
7.0(3)I7(9w) (NX-OS)
9.2(3y) (NX-OS)
7.0(3)IA7(1) (NX-OS)
7.0(3)IA7(2) (NX-OS)
7.0(3)IM7(2) (NX-OS)
9.3(1z) (NX-OS)
9.3(5w) (NX-OS)
9.3(7k) (NX-OS)
9.3(13) (NX-OS)
10.2(2a) (NX-OS)
10.2(7) (NX-OS)
10.3(3w) (NX-OS)
10.3(3o) (NX-OS)
10.3(4a) (NX-OS)
10.3(3p) (NX-OS)
10.3(4) (NX-OS)
10.3(3q) (NX-OS)
10.3(3x) (NX-OS)
10.3(5) (NX-OS)
10.4(2) (NX-OS)
10.3(4g) (NX-OS)
10.3(3r) (NX-OS)
10.4(3) (NX-OS)
9.3(14) (NX-OS)
10.2(8) (NX-OS)
10.3(6) (NX-OS)
10.3(4h) (NX-OS)
10.4(4) (NX-OS)
10.5(1) (NX-OS)
10.4(4g) (NX-OS)
10.5(2) (NX-OS)
9.3(15) (NX-OS)
10.2(9) (NX-OS)
10.3(7) (NX-OS)
10.4(5) (NX-OS)
10.5(3) (NX-OS)
10.5(3t) (NX-OS)
10.5(3e) (NX-OS)
10.5(3o) (NX-OS)
10.5(3s) (NX-OS)

Тип ПО

Операционная система

Операционные системы и аппаратные платформы

Cisco Systems Inc. NX-OS 9.2(1)
Cisco Systems Inc. NX-OS 7.0(3)F3(1)
Cisco Systems Inc. NX-OS 7.0(3)F3(2)
Cisco Systems Inc. NX-OS 7.0(3)F3(3)
Cisco Systems Inc. NX-OS 7.0(3)F3(3a)
Cisco Systems Inc. NX-OS 7.0(3)F3(4)
Cisco Systems Inc. NX-OS 7.0(3)F3(3c)
Cisco Systems Inc. NX-OS 7.0(3)F3(5)
Cisco Systems Inc. NX-OS 7.0(3)I4(4)
Cisco Systems Inc. NX-OS 7.0(3)I4(5)
Cisco Systems Inc. NX-OS 7.0(3)I4(6)
Cisco Systems Inc. NX-OS 7.0(3)I4(7)
Cisco Systems Inc. NX-OS 7.0(3)I4(8)
Cisco Systems Inc. NX-OS 7.0(3)I4(8a)
Cisco Systems Inc. NX-OS 7.0(3)I4(8b)
Cisco Systems Inc. NX-OS 7.0(3)I4(8z)
Cisco Systems Inc. NX-OS 7.0(3)I7(5a)
Cisco Systems Inc. NX-OS 7.0(3)I5(1)
Cisco Systems Inc. NX-OS 7.0(3)I5(2)
Cisco Systems Inc. NX-OS 7.0(3)I6(1)
Cisco Systems Inc. NX-OS 7.0(3)I6(2)
Cisco Systems Inc. NX-OS 7.0(3)I7(1)
Cisco Systems Inc. NX-OS 7.0(3)I7(2)
Cisco Systems Inc. NX-OS 7.0(3)I7(3)
Cisco Systems Inc. NX-OS 7.0(3)I7(4)
Cisco Systems Inc. NX-OS 7.0(3)I7(5)
Cisco Systems Inc. NX-OS 9.3(10)
Cisco Systems Inc. NX-OS 9.3(11)
Cisco Systems Inc. NX-OS 9.3(12)
Cisco Systems Inc. NX-OS 7.0(3)i4(9)
Cisco Systems Inc. NX-OS 7.0(3)i7(6)
Cisco Systems Inc. NX-OS 7.0(3)i7(7)
Cisco Systems Inc. NX-OS 7.0(3)i7(8)
Cisco Systems Inc. NX-OS 7.0(3)i7(9)
Cisco Systems Inc. NX-OS 7.0(3)i7(10)
Cisco Systems Inc. NX-OS 9.2(2)
Cisco Systems Inc. NX-OS 9.2(2t)
Cisco Systems Inc. NX-OS 9.2(2v)
Cisco Systems Inc. NX-OS 9.2(3)
Cisco Systems Inc. NX-OS 9.2(4)
Cisco Systems Inc. NX-OS 9.3(1)
Cisco Systems Inc. NX-OS 9.3(2)
Cisco Systems Inc. NX-OS 9.3(3)
Cisco Systems Inc. NX-OS 9.3(4)
Cisco Systems Inc. NX-OS 9.3(5)
Cisco Systems Inc. NX-OS 9.3(6)
Cisco Systems Inc. NX-OS 9.3(7)
Cisco Systems Inc. NX-OS 9.3(7a)
Cisco Systems Inc. NX-OS 9.3(8)
Cisco Systems Inc. NX-OS 9.3(9)
Cisco Systems Inc. NX-OS 10.1(1)
Cisco Systems Inc. NX-OS 10.1(2)
Cisco Systems Inc. NX-OS 10.1(2t)
Cisco Systems Inc. NX-OS 10.2(1)
Cisco Systems Inc. NX-OS 10.2(1q)
Cisco Systems Inc. NX-OS 10.2(2)
Cisco Systems Inc. NX-OS 10.2(3)
Cisco Systems Inc. NX-OS 10.2(3t)
Cisco Systems Inc. NX-OS 10.2(3v)
Cisco Systems Inc. NX-OS 10.2(4)
Cisco Systems Inc. NX-OS 10.2(5)
Cisco Systems Inc. NX-OS 10.2(6)
Cisco Systems Inc. NX-OS 10.3(1)
Cisco Systems Inc. NX-OS 10.3(2)
Cisco Systems Inc. NX-OS 10.3(3)
Cisco Systems Inc. NX-OS 10.3(99w)
Cisco Systems Inc. NX-OS 10.3(99x)
Cisco Systems Inc. NX-OS 10.4(1)
Cisco Systems Inc. NX-OS 7.0(3)I4(6t)
Cisco Systems Inc. NX-OS 7.0(3)I5(3)
Cisco Systems Inc. NX-OS 7.0(3)I5(3a)
Cisco Systems Inc. NX-OS 7.0(3)I5(3b)
Cisco Systems Inc. NX-OS 7.0(3)I7(3z)
Cisco Systems Inc. NX-OS 7.0(3)I7(6z)
Cisco Systems Inc. NX-OS 7.0(3)I7(9w)
Cisco Systems Inc. NX-OS 9.2(3y)
Cisco Systems Inc. NX-OS 7.0(3)IA7(1)
Cisco Systems Inc. NX-OS 7.0(3)IA7(2)
Cisco Systems Inc. NX-OS 7.0(3)IM7(2)
Cisco Systems Inc. NX-OS 9.3(1z)
Cisco Systems Inc. NX-OS 9.3(5w)
Cisco Systems Inc. NX-OS 9.3(7k)
Cisco Systems Inc. NX-OS 9.3(13)
Cisco Systems Inc. NX-OS 10.2(2a)
Cisco Systems Inc. NX-OS 10.2(7)
Cisco Systems Inc. NX-OS 10.3(3w)
Cisco Systems Inc. NX-OS 10.3(3o)
Cisco Systems Inc. NX-OS 10.3(4a)
Cisco Systems Inc. NX-OS 10.3(3p)
Cisco Systems Inc. NX-OS 10.3(4)
Cisco Systems Inc. NX-OS 10.3(3q)
Cisco Systems Inc. NX-OS 10.3(3x)
Cisco Systems Inc. NX-OS 10.3(5)
Cisco Systems Inc. NX-OS 10.4(2)
Cisco Systems Inc. NX-OS 10.3(4g)
Cisco Systems Inc. NX-OS 10.3(3r)
Cisco Systems Inc. NX-OS 10.4(3)
Cisco Systems Inc. NX-OS 9.3(14)
Cisco Systems Inc. NX-OS 10.2(8)
Cisco Systems Inc. NX-OS 10.3(6)
Cisco Systems Inc. NX-OS 10.3(4h)
Cisco Systems Inc. NX-OS 10.4(4)
Cisco Systems Inc. NX-OS 10.5(1)
Cisco Systems Inc. NX-OS 10.4(4g)
Cisco Systems Inc. NX-OS 10.5(2)
Cisco Systems Inc. NX-OS 9.3(15)
Cisco Systems Inc. NX-OS 10.2(9)
Cisco Systems Inc. NX-OS 10.3(7)
Cisco Systems Inc. NX-OS 10.4(5)
Cisco Systems Inc. NX-OS 10.5(3)
Cisco Systems Inc. NX-OS 10.5(3t)
Cisco Systems Inc. NX-OS 10.5(3e)
Cisco Systems Inc. NX-OS 10.5(3o)
Cisco Systems Inc. NX-OS 10.5(3s)

Уровень опасности уязвимости

Низкий уровень опасности (базовая оценка CVSS 2.0 составляет 3,2)
Средний уровень опасности (базовая оценка CVSS 3.1 составляет 4,4)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmdinj-qhNze5Ss

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 37%
0.00164
Низкий

4.4 Medium

CVSS3

3.2 Low

CVSS2

Связанные уязвимости

nvd логотип

CVE-2025-20292

CVSS3: 4.4
nvd
5 месяцев назад

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by entering crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to read and write files on the underlying operating system with the privileges of a non-root user account. File system access is limited to the permissions that are granted to that non-root user account.

github логотип

GHSA-hp2g-vg39-xg22

CVSS3: 4.4
github
5 месяцев назад

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by entering crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to read and write files on the underlying operating system with the privileges of a non-root user account. File system access is limited to the permissions that are granted to that non-root user account.

EPSS

Процентиль: 37%
0.00164
Низкий

4.4 Medium

CVSS3

3.2 Low

CVSS2