Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability
Description
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS request to an internal service on an affected device that has the NX-API feature enabled. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root. Note: The NX-API feature is disabled by default. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.1(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(8). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(2)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 7.3(3)D1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(8) and 7.0(3)I7(1). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco NX-OS NX-API feature contains a buffer overflow vulnerability allowing authenticated local attackers to execute arbitrary code as root.
Vulnerability
The vulnerability resides in the NX-API feature of Cisco NX-OS Software. Due to incorrect input validation, a crafted HTTP or HTTPS request can trigger a buffer overflow. Affected platforms include MDS 9000 Series (prior to 8.1(1)), Nexus 3000 (prior to 7.0(3)I4(8) and 7.0(3)I7(1)), Nexus 3500 (prior to 6.0(2)A8(8)), Nexus 3600 (prior to 7.0(3)F3(5)), Nexus 2000/5500/5600/6000 (prior to 7.3(2)N1(1)), Nexus 7000/7700 (prior to 7.3(3)D1(1)), Nexus 9000 Standalone (prior to 7.0(3)I4(8) and 7.0(3)I7(1)), and Nexus 9500 R-Series (prior to 7.0(3)F3(5)). The NX-API feature is disabled by default.
Exploitation
An attacker must have authenticated local access to the device and the NX-API feature must be enabled. The attacker sends a specially crafted HTTP or HTTPS request to an internal service on the device. The request exploits the input validation flaw to cause a buffer overflow, leading to arbitrary code execution.
Impact
Successful exploitation allows the attacker to execute arbitrary code with root privileges, resulting in full compromise of the affected device. This includes complete control over the system, data access, and potential for further network attacks.
Mitigation
Cisco has released free software updates to address this vulnerability. Affected users should upgrade to the fixed versions as specified in the advisory [1]. As a workaround, if NX-API is not required, it should be disabled. No other workarounds are mentioned. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9- Range: unspecified
- Range: unspecified
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- Range: unspecified
- Range: unspecified
- Range: unspecified
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-api-exmitrevendor-advisoryx_refsource_CISCO
- www.securityfocus.com/bid/107313mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.