Cisco Bug: CSCur08416 - NX-OS python allows users from one VDC to delete files from another VDC
Oct 21, 2019
- Cisco Nexus 7000 Series Switches
Known Affected Releases
Symptom: Cisco Nexus 7000 devices that have been configured with multiple Virtual Device Contexts (VDCs) contain a privilege escalation vulnerability within the Python scripting subsystem that could allow an authenticated, local attacker to delete files owned by a different VDC on the device. The vulnerability exists due to incomplete privilege separation of the Python scripting engine across multiple VDCs. This could allow an attacker with administrative privileges in a specific VDC to remove files owned by a separate VDC, which could result in a denial of service condition on the affected device.

Conditions: Cisco Nexus 7000 devices running an affected version of Cisco NX-OS software. Devices configured for multiple Virtual Device Contexts.