Symptom
A vulnerability in a specific CLI command implementation for Cisco NX-OS Software could allow an authenticated, local attacker to cause a Virtual Shell (VSH) session to unexpectedly disconnect.
The vulnerability is due to incorrect length checks of user supplied input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to
the device and issuing a crafted CLI command. An exploit could allow the attacker to cause a VSH session of another use to unexpectedly disconnect. A VSH session is used for local and remote connections to the management interface of the device. The attacker would need valid administrator credentials.
Conditions
The default configuration.
Further Problem Description
None
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 2.3:
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
No CVE ID has been assigned to this issue.
Additional information on Cisco''s security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
