CVE-2015-0721 Information

Description

Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V 2000 3000 3500 4000 5000 5500 5600 6000 7000 7700 and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation aka Bug IDs CSCum35502 CSCuw78669 CSCuw79754 and CSCux88492.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa http://www.securityfocus.com/bid/93410 http://www.securitytracker.com/id/1036947

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.0