Guest

Preview Tool

Cisco Bug: CSCur00057 - vdc-admin on N7K VDC can read other VDCs (and Admin VDC) config files

Last Modified

Feb 15, 2018

Products (7)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases

6.2(2)

Description (partial)

Symptoms:
Cisco Nexus devices running Cisco NX-OS software contain an information disclosure vulnerability within the command line interpreter that could allow an authenticated, local attacker to disclose the configuration 
of a Virtual Device Context (VDC) to which they are not assigned. 

The vulnerability exists due to a lack of path sanitization on a certain show command.  An attacker assigned to the administrative role of a VDC could leverage this vulnerability to display the configuration of a VDC 
to which they are not assigned.

Conditions:
Cisco Nexus devices running an affected version of Cisco NX-OS software
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.