Guest

Preview Tool

Cisco Bug: CSCul05217 - Cisco NX-OS Arbitrary File Read Vulnerability

Last Modified

Oct 11, 2019

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

7.0(0.128)S0

Description (partial)

Symptom:
The Cisco NX-OS software contains a directory traversal vulnerability within the command line interface that could allow a local, authenticated attacker to disclose the contents of arbitrary files on the affected device.  An attacker could leverage the NX-OS ''copy'' command to duplicate the contents of arbitrary files on the device to a user writable area of the filesystem.  As the new file will be owned by the authenticated user, the attacker will be able to view the contents.

This vulnerability affects the following platforms which are based on Cisco NX-OS:

Cisco Nexus 9000
Cisco Nexus 7000
Cisco Nexus 6000
Cisco Nexus 5500
Cisco Nexus 5000
Cisco Nexus 4000
Cisco Nexus 3500
Cisco Nexus 3000
Cisco Nexus 1000V
Cisco MDS 9000
Cisco Connected Grid Router 1000 Series
Cisco Unified Computing System Fabric Interconnect 6200
Cisco Unified Computing System Fabric Interconnect 6100

Conditions:
Device is running an affected version of Cisco NX-OS software, and an authenticated user with the privileges to run the copy command.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.