Guest

Preview Tool

Cisco Bug: CSCul72684 - N7k: Default credentials vulnerability on CMP

Last Modified

Jan 28, 2017

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

5.0(0.66)

Description (partial)

Symptoms:
A vulnerability in authentication module of CMP component of Cisco Nexus 7000 could allow an authenticated, remote attacker to log in to CMP using 
credentials that were previously deleted from the Supervisor.

The vulnerability is due to the way CMP caches credentials from a Supervisor, if the user ever uses these credentials to log in to the CMP. Once deleted 
from a Supervisor, those credentials will still be cached on the CMP. An attacker could exploit this vulnerability by loging into the CMP, using deleted 
credentials from a Supervisor.

Conditions:

If the local user exists on the Supervisor, and is used to log into the CMP, CMP will cache those credentials.
All credentials are authenticated by the Supervisor, if the Supervisor is running.

When the local user is deleted from the Supervisor, the CMP still caches those credentials and they may be used to log in directly to CMP.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.