Cisco Bug: CSCul72684 - N7k: Default credentials vulnerability on CMP
Jan 28, 2017
- Cisco Nexus 7000 Series Switches
Known Affected Releases
Symptoms: A vulnerability in authentication module of CMP component of Cisco Nexus 7000 could allow an authenticated, remote attacker to log in to CMP using credentials that were previously deleted from the Supervisor. The vulnerability is due to the way CMP caches credentials from a Supervisor, if the user ever uses these credentials to log in to the CMP. Once deleted from a Supervisor, those credentials will still be cached on the CMP. An attacker could exploit this vulnerability by loging into the CMP, using deleted credentials from a Supervisor. Conditions: If the local user exists on the Supervisor, and is used to log into the CMP, CMP will cache those credentials. All credentials are authenticated by the Supervisor, if the Supervisor is running. When the local user is deleted from the Supervisor, the CMP still caches those credentials and they may be used to log in directly to CMP.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases