Cisco NX-OS Software DHCP option Command Injection Vulnerability (CVE-2015-0658)
Release date:
Updated on:
Affected Systems:
Cisco NX-OS
Description:
CVE (CAN) ID: CVE-2015-0658
Cisco NX-OS is a data center-Level Operating System.
In the PowerOn Auto Provisioning (POAP) function of Cisco NX-OS, DHCP implementation does not properly restrict initialization process, there is a security vulnerability, remote attackers send a constructed response packet on the local network, this vulnerability allows the root user to execute arbitrary commands.
<* Source: Cisco
*>
Suggestion:
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Https://web.nvd.nist.gov/view/vuln/detail? VulnId = CVE-2015-0658
Http://tools.cisco.com/security/center/viewAlert.x? AlertId = 38062
This article permanently updates the link address: