Cisco Bug: CSCun34093 - CLI View allows all sub commands when we use all keyword with interface

Last Modified

Nov 27, 2020

Products (1)

  • Cisco 2600 Series Multiservice Platforms

Known Affected Releases

12.2(33.1) 15.2(1.1)

Description (partial)

Symptom:
When a CLI view is used and the all keyword is placed in front of interface, the view allows all the interface sub-commands to be executed, even though only a specific command was allowed above it.

For example, to restrict users from executing all the interface sub-commands, a parser view is configured so that only the allowed commands can be executed by that group of users. To restrict the user to executing only switchport mode access and all the show commands, this is what needs to be done:

parser view SYSTEMS
 secret 5 $1$wPLI$KxLFltFvrOQTgQStjZUmA0
 commands interface include switchport
 commands configure include all interface
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show

We found that when the all keyword is used and the user logs in to the view and enters the interface, the user can execute and see all the sub-commands, including switchport mode access.

If the user then stays at that interface level and executes do sh run or do sh ver, the parser view starts behaving normally and the user can execute only the allowed command, e.g. switchport mode access.
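A configuration audit for the pattern in this report, as an added example that is not Cisco's code: it parses parser view blocks from a saved configuration and flags views that combine "commands configure include all interface" with a narrower "commands interface include" list. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the view from the bug description (secret replaced by a
# placeholder) plus a constructed second view that lacks the pattern.
SAMPLE_CONFIG = """\
parser view SYSTEMS
 secret 5 <placeholder-hash>
 commands interface include switchport
 commands configure include all interface
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show
!
parser view HELPDESK
 secret 5 <placeholder-hash>
 commands exec include all show
!
"""

VIEW_RE = re.compile(r"^parser view (\S+)")
CMD_RE = re.compile(r"^\s*commands (\S+) (include-exclusive|include|exclude) (all )?(.+)$")


def parse_views(config_text):
    """Return {view_name: [(mode, action, has_all, command), ...]}."""
    views, current = {}, None
    for line in config_text.splitlines():
        view, cmd = VIEW_RE.match(line), CMD_RE.match(line)
        if view:
            current = views.setdefault(view.group(1), [])
        elif cmd and current is not None:
            mode, action, has_all, command = cmd.groups()
            current.append((mode, action, bool(has_all), command.strip()))
        elif not line.startswith(" "):
            current = None  # "!" or any other unindented line ends the view block
    return views


def flag_views(config_text):
    """Return {view_name: [narrow interface commands]} for views that pair
    'configure include all interface' with a specific interface allow list."""
    flagged = {}
    for name, rules in parse_views(config_text).items():
        wildcard = ("configure", "include", True, "interface") in rules
        narrow = [c for m, a, has_all, c in rules
                  if m == "interface" and a == "include" and not has_all]
        if wildcard and narrow:
            flagged[name] = narrow
    return flagged
```

A flagged view is one to test by hand against the symptom above; the script does not determine whether a given release is affected.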

Conditions:
Observed in all 12.2 releases, but present in all versions.