Guest

Preview Tool

Cisco Bug: CSCur08416 - NX-OS python allows users from one VDC to delete files from another VDC

Last Modified

Oct 21, 2019

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

7.3(1)XX(0.1)

Description (partial)

Symptom:
Cisco Nexus 7000 devices that have been configured with multiple Virtual Device Context (VDC) contain a privilege escalation vulnerability within the Python scripting subsystem 
that could allow an authenticated, local attacker to delete files owned by a different VDC on the device.

The vulnerability exists due to incomplete privilege separation of the python scripting engine across multiple VDC's.  This could allow an attacker with administrative privileges in a 
specific VDC to remove files owned by a separate VDC.  This could result in a denial of service condition on the affected device.

Conditions:
Cisco Nexus 7000 devices running an affected version of Cisco NX-OS software.

Devices configured for multiple Virtual Device Contexts.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.