Cisco Security Advisory: Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability
Advisory ID: cisco-sa-20180606-nso
Revision: 1.0
For Public Release: 2018 June 6 16:00 GMT
Last Updated: 2018 June 6 16:00 GMT
CVE ID(s): CVE-2018-0274
CVSS Score v(3): 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso