CVE-2015-4237 Cisco NX-OS Devices Command Line Interface Local Privilege Escalation Vulnerability (Cisco-SA-20150701-CVE-2015-4237)

A vulnerability in the Command Line Interface (CLI) parser of Cisco Nexus Operating System (NX-OS) devices could allow an authenticated, local attacker to perform a privilege escalation. The vulnerability is due to improper input validation of special characters within filenames.

An attacker could exploit this vulnerability by authenticating at the local shell and writing a file to disk with certain special characters. The attacker could then use that file with other CLI commands to obtain a shell prompt at their current privilege level. An exploit could allow the attacker to read and write files and perform other privileged commands.

Refer to Cisco advisory Cisco-SA-20150701-CVE-2015-4237 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Cisco-SA-20150701-CVE-2015-4237: Cisco NX-OS 1000V

Cisco-SA-20150701-CVE-2015-4237: Cisco Nexus 3000

Cisco-SA-20150701-CVE-2015-4237: Cisco Nexus 4000

Cisco-SA-20150701-CVE-2015-4237: Cisco Nexus 5000

Cisco-SA-20150701-CVE-2015-4237: Cisco Nexus 7000

Cisco-SA-20150701-CVE-2015-4237: Cisco Nexus 9000