Cisco Bug: CSCul05217 - Cisco NX-OS Arbitrary File Read Vulnerability
Oct 11, 2019
- Cisco Nexus 7000 Series Switches
Known Affected Releases
Symptom: The Cisco NX-OS software contains a directory traversal vulnerability within the command line interface that could allow a local, authenticated attacker to disclose the contents of arbitrary files on the affected device. An attacker could leverage the NX-OS ''copy'' command to duplicate the contents of arbitrary files on the device to a user writable area of the filesystem. As the new file will be owned by the authenticated user, the attacker will be able to view the contents. This vulnerability affects the following platforms which are based on Cisco NX-OS: Cisco Nexus 9000 Cisco Nexus 7000 Cisco Nexus 6000 Cisco Nexus 5500 Cisco Nexus 5000 Cisco Nexus 4000 Cisco Nexus 3500 Cisco Nexus 3000 Cisco Nexus 1000V Cisco MDS 9000 Cisco Connected Grid Router 1000 Series Cisco Unified Computing System Fabric Interconnect 6200 Cisco Unified Computing System Fabric Interconnect 6100 Conditions: Device is running an affected version of Cisco NX-OS software, and an authenticated user with the privileges to run the copy command.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases