Guest

Preview Tool

Cisco Bug: CSCun02887 - NX-OS Python Parser Privilege Escalation Vulnerabilities

Last Modified

Jan 10, 2020

Products (1)

  • Cisco MDS 9000 NX-OS and SAN-OS Software

Known Affected Releases

6.0(2) 6.2(2)

Description (partial)

Symptoms:
Cisco Nexus devices running Cisco NX-OS software contain privilege escalation vulnerabilities within the Python subsystem that could allow an authenticated, local attacker to 
gain elevated privileges.

The vulnerabilities are due to insufficient hardening of the underlying operating system on which NX-OS is based.  An attacker that has sufficient privileges to execute arbitrary 
python scripts on an affected device can leverage this access to elevate their privileges to that of root.

Conditions:
Cisco Nexus devices running an affected version of Cisco NX-OS software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.