Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1735)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability.

N/A

在命令中使用的特殊元素转义处理不恰当(命令注入)

Cisco NX-OS Software 命令参数注入漏洞

Cisco NX-OS Software是美国思科（Cisco）公司的一套交换机使用的数据中心级操作系统软件。 Cisco NX-OS Software中的CLI存在参数注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。以下产品及版本受到影响：MDS 9000 Series Multilayer Switches；Nexus 1000 Virtual Edge；Nexus 1000V Switch for Microsoft Hy

N/A

N/A