CVE-2015-0721

high-risk

Published 2016-10-06

Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.

Do I need to act?

0.14% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.0/10 High

NETWORK / LOW complexity

Affected Products (20)

Nx-Os

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/93410

http://www.securitytracker.com/id/1036947

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securityfocus.com/bid/93410

http://www.securitytracker.com/id/1036947

/ 100

high-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical