Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability
Description
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a system executable. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Bash prompt. A successful exploit could allow the attacker to escalate their privilege level to root. Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local privilege escalation vulnerability in the Bash shell of Cisco NX-OS Software allows an authenticated attacker to gain root access.
Vulnerability
The Bash shell implementation for Cisco NX-OS Software contains a vulnerability in which incorrect permissions are set on a system executable. This flaw allows an authenticated, local attacker to escalate privileges. Affected products include Nexus 3000 Series Switches (versions prior to 7.0(3)I7(4)), Nexus 3500 Platform Switches (versions prior to 7.0(3)I7(4)), Nexus 3600 Platform Switches (versions prior to 7.0(3)F3(5)), Nexus 9000 Series Switches in Standalone NX-OS Mode (versions prior to 7.0(3)I7(4)), and Nexus 9500 R-Series Line Cards and Fabric Modules (versions prior to 7.0(3)F3(5)). [1]
Exploitation
An attacker must first authenticate to the device with valid user credentials. Once logged in, the attacker simply enters a crafted command at the Bash prompt. The vulnerability is triggered due to the incorrect file permissions of a system executable, allowing the command to execute with elevated privileges. No additional user interaction or complex sequence of steps is required beyond authenticating and issuing the command. [1]
Impact
Successful exploitation allows the attacker to escalate their privilege level from an authenticated user to the root superuser. This gives the attacker complete control over the affected Cisco NX-OS device, enabling full compromise of confidentiality, integrity, and availability. [1]
Mitigation
Cisco has released free software updates to address this vulnerability. Users should upgrade to the fixed versions: 7.0(3)I7(4) or later for Nexus 3000, 3500, and 9000 Series, and 7.0(3)F3(5) or later for Nexus 3600 and 9500 R-Series. Customers can contact Cisco TAC for assistance if they do not have a service contract. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6- Range: Nexus 3000/3500/9000 <7.0(3)I7(4); Nexus 3600/9500 <7.0(3)F3(5)
- Range: unspecified
- Range: unspecified
- Range: unspecified
- Range: unspecified
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pemitrevendor-advisoryx_refsource_CISCO
- www.securityfocus.com/bid/107340mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.