Cisco Bug: CSCum03680 - IOS XR hostname command should not be allowed with just READ permission on host-services
Feb 13, 2018
- Cisco Carrier Routing System
Known Affected Releases
4.2.3.BASE 4.3.2.BASE 6.1.3.BASE
Symptom: A vulnerability in the Role Based Access Control for certain CLI commands for Cisco IOS XR Software could allow an authenticated, local attacker to modify device configuration information which should not be allowed for the user's permission level. The vulnerability is due to incomplete RBAC validation for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing specific CLI commands. An exploit could allow the attacker to modify device configuration information which should not be allowed for the user's permission level.
Conditions: User has only READ permissions on the "host-services" taskid.