Cisco NX-OS Software CVE-2018-0293 Remote Privilege Escalation Vulnerability

Bugtraq ID:	104520
Class:	Input Validation Error
CVE:	CVE-2018-0293
Remote:	Yes
Local:	No
Published:	Jun 20 2018 12:00AM
Updated:	Jun 20 2018 12:00AM
Credit:	Cisco
Vulnerable:	Cisco NX-OS 8.1 Cisco NX-OS 8.0 Cisco NX-OS 7.3 Cisco NX-OS 7.2 Cisco NX-OS 7.1 Cisco NX-OS 7.0(3)I7 Cisco NX-OS 7.0(3)I6 Cisco NX-OS 7.0(3)I5 Cisco NX-OS 7.0(3)I4 Cisco NX-OS 7.0 Cisco NX-OS 6.2 Cisco NX-OS 6.0 Cisco NX-OS 5.2 Cisco Nexus 9500 R-Series Line Cards and Fabric Modules 0 Cisco Nexus 9000 Series Switches in standalone NX-OS mode 0 Cisco Nexus 7700 Series Switches 0 Cisco Nexus 7000 Series Switches 0 Cisco Nexus 6000 Series Switches 0 Cisco Nexus 5600 Platform Switches 0 Cisco Nexus 5500 Platform Switches 0 Cisco Nexus 3600 Platform Switches 0 Cisco Nexus 3500 Platform Switches 0 Cisco Nexus 3000 Series Switches 0 Cisco Nexus 2000 Series Fabric Extenders 0 Cisco MDS 9000 Series Multilayer Switches 0
Not Vulnerable:	Cisco NX-OS 8.1(1) Cisco NX-OS 7.3(3)N1(1) Cisco NX-OS 7.3(2)D1(1) Cisco NX-OS 7.0(3)I7(2) Cisco NX-OS 7.0(3)I7(1) Cisco NX-OS 7.0(3)I4(7) Cisco NX-OS 7.0(3)F1(1)

Cisco NX-OS Software CVE-2018-0293 Remote Privilege Escalation Vulnerability

Cisco NX-OS Software is prone to remote privilege-escalation vulnerability.

A remote attacker can exploit this issue to bypass certain restrictions and gain elevated privileges.

This issue is tracked by Cisco Bug ID CSCvd77904.

Cisco NX-OS Software CVE-2018-0293 Remote Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Cisco NX-OS Software CVE-2018-0293 Remote Privilege Escalation Vulnerability

References:

• Cisco Homepage (Cisco)
  
• cisco-sa-20180620-nxosrbac: Cisco NX-OS Software Role-Based Access Control Elev (Cisco)