CVE-2023-20050

Summary

CVE	CVE-2023-20050
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-02-23 20:15:00 UTC
Updated	2023-11-07 04:05:00 UTC
Description	A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

Risk And Classification

Problem Types: CWE-78

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Mds 9000	-	All	All	All
Hardware	Cisco	Mds 9100	-	All	All	All
Hardware	Cisco	Mds 9132t	-	All	All	All
Hardware	Cisco	Mds 9134	-	All	All	All
Hardware	Cisco	Mds 9140	-	All	All	All
Hardware	Cisco	Mds 9148	-	All	All	All
Hardware	Cisco	Mds 9148s	-	All	All	All
Hardware	Cisco	Mds 9148t	-	All	All	All
Hardware	Cisco	Mds 9200	-	All	All	All
Hardware	Cisco	Mds 9216	-	All	All	All
Hardware	Cisco	Mds 9216a	-	All	All	All
Hardware	Cisco	Mds 9216i	-	All	All	All
Hardware	Cisco	Mds 9222i	-	All	All	All
Hardware	Cisco	Mds 9250i	-	All	All	All
Hardware	Cisco	Mds 9396s	-	All	All	All
Hardware	Cisco	Mds 9396t	-	All	All	All
Hardware	Cisco	Mds 9500	-	All	All	All
Hardware	Cisco	Mds 9506	-	All	All	All
Hardware	Cisco	Mds 9509	-	All	All	All
Hardware	Cisco	Mds 9513	-	All	All	All
Hardware	Cisco	Mds 9700	-	All	All	All
Hardware	Cisco	Mds 9706	-	All	All	All
Hardware	Cisco	Mds 9710	-	All	All	All
Hardware	Cisco	Mds 9718	-	All	All	All
Hardware	Cisco	Nexus 1000v	-	All	All	All
Hardware	Cisco	Nexus 1000v	-	All	All	All
Hardware	Cisco	Nexus 1000 Virtual Edge	-	All	All	All
Hardware	Cisco	Nexus 3016	-	All	All	All
Hardware	Cisco	Nexus 3016q	-	All	All	All
Hardware	Cisco	Nexus 3048	-	All	All	All
Hardware	Cisco	Nexus 3064	-	All	All	All
Hardware	Cisco	Nexus 3064-32t	-	All	All	All
Hardware	Cisco	Nexus 3064-t	-	All	All	All
Hardware	Cisco	Nexus 3064-x	-	All	All	All
Hardware	Cisco	Nexus 3064t	-	All	All	All
Hardware	Cisco	Nexus 3064x	-	All	All	All
Hardware	Cisco	Nexus 3100	-	All	All	All
Hardware	Cisco	Nexus 3100-v	-	All	All	All
Hardware	Cisco	Nexus 3100-z	-	All	All	All
Hardware	Cisco	Nexus 3100v	-	All	All	All
Hardware	Cisco	Nexus 31108pc-v	-	All	All	All
Hardware	Cisco	Nexus 31108pv-v	-	All	All	All
Hardware	Cisco	Nexus 31108tc-v	-	All	All	All
Hardware	Cisco	Nexus 31128pq	-	All	All	All
Hardware	Cisco	Nexus 3132c-z	-	All	All	All
Hardware	Cisco	Nexus 3132q	-	All	All	All
Hardware	Cisco	Nexus 3132q-v	-	All	All	All
Hardware	Cisco	Nexus 3132q-x	-	All	All	All
Hardware	Cisco	Nexus 3132q-xl	-	All	All	All
Hardware	Cisco	Nexus 3132q-x/3132q-xl	-	All	All	All
Hardware	Cisco	Nexus 3164q	-	All	All	All
Hardware	Cisco	Nexus 3172	-	All	All	All
Hardware	Cisco	Nexus 3172pq	-	All	All	All
Hardware	Cisco	Nexus 3172pq-xl	-	All	All	All
Hardware	Cisco	Nexus 3172pq/pq-xl	-	All	All	All
Hardware	Cisco	Nexus 3172tq	-	All	All	All
Hardware	Cisco	Nexus 3172tq-32t	-	All	All	All
Hardware	Cisco	Nexus 3172tq-xl	-	All	All	All
Hardware	Cisco	Nexus 3200	-	All	All	All
Hardware	Cisco	Nexus 3232c	-	All	All	All
Hardware	Cisco	Nexus 3232c	-	All	All	All
Hardware	Cisco	Nexus 3264c-e	-	All	All	All
Hardware	Cisco	Nexus 3264q	-	All	All	All
Hardware	Cisco	Nexus 3400	-	All	All	All
Hardware	Cisco	Nexus 3408-s	-	All	All	All
Hardware	Cisco	Nexus 34180yc	-	All	All	All
Hardware	Cisco	Nexus 34200yc-sm	-	All	All	All
Hardware	Cisco	Nexus 3432d-s	-	All	All	All
Hardware	Cisco	Nexus 3464c	-	All	All	All
Hardware	Cisco	Nexus 3500	-	All	All	All
Hardware	Cisco	Nexus 3524	-	All	All	All
Hardware	Cisco	Nexus 3524-x	-	All	All	All
Hardware	Cisco	Nexus 3524-xl	-	All	All	All
Hardware	Cisco	Nexus 3524-x/xl	-	All	All	All
Hardware	Cisco	Nexus 3548	-	All	All	All
Hardware	Cisco	Nexus 3548-x	-	All	All	All
Hardware	Cisco	Nexus 3548-xl	-	All	All	All
Hardware	Cisco	Nexus 3548-x/xl	-	All	All	All
Hardware	Cisco	Nexus 3600	-	All	All	All
Hardware	Cisco	Nexus 36180yc-r	-	All	All	All
Hardware	Cisco	Nexus 3636c-r	-	All	All	All
Hardware	Cisco	Nexus 5500	-	All	All	All
Hardware	Cisco	Nexus 5548p	-	All	All	All
Hardware	Cisco	Nexus 5548up	-	All	All	All
Hardware	Cisco	Nexus 5596t	-	All	All	All
Hardware	Cisco	Nexus 5596up	-	All	All	All
Hardware	Cisco	Nexus 5600	-	All	All	All
Hardware	Cisco	Nexus 56128p	-	All	All	All
Hardware	Cisco	Nexus 5624q	-	All	All	All
Hardware	Cisco	Nexus 5648q	-	All	All	All
Hardware	Cisco	Nexus 5672up	-	All	All	All
Hardware	Cisco	Nexus 5672up-16g	-	All	All	All
Hardware	Cisco	Nexus 5696q	-	All	All	All
Hardware	Cisco	Nexus 6000	-	All	All	All
Hardware	Cisco	Nexus 6001	-	All	All	All
Hardware	Cisco	Nexus 6001p	-	All	All	All
Hardware	Cisco	Nexus 6001t	-	All	All	All
Hardware	Cisco	Nexus 6004	-	All	All	All
Hardware	Cisco	Nexus 6004x	-	All	All	All
Hardware	Cisco	Nexus 7000	-	All	All	All
Hardware	Cisco	Nexus 7004	-	All	All	All
Hardware	Cisco	Nexus 7009	-	All	All	All
Hardware	Cisco	Nexus 7010	-	All	All	All
Hardware	Cisco	Nexus 7018	-	All	All	All
Hardware	Cisco	Nexus 7700	-	All	All	All
Hardware	Cisco	Nexus 7702	-	All	All	All
Hardware	Cisco	Nexus 7706	-	All	All	All
Hardware	Cisco	Nexus 7710	-	All	All	All
Hardware	Cisco	Nexus 7718	-	All	All	All
Hardware	Cisco	Nexus 9000	-	All	All	All
Hardware	Cisco	Nexus 9000v	-	All	All	All
Operating System	Cisco	Nx-os	All	All	All	All
Operating System	Cisco	Nx-os	-	All	All	All

References

Reference	Source	Link	Tags
Cisco NX-OS Software CLI Command Injection Vulnerability	CISCO	sec.cloudapps.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317298 Cisco Nexus Operating System (NX-OS) Software CLI Command Injection Vulnerability (cisco-sa-nxos-cli-cmdinject-euQVK9u)