Cisco Bug: CSCur14589 - vulnerability related to cmd injection via DHCP offer options

Last Modified

Jun 10, 2017

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

7.1(0)D1(0.226)
7.3(0.2)

Description (partial)


Symptom:
Command injection via DHCP offer options used with PowerOn Auto Provisioning (POAP)


Conditions:
The NX-OS switch must be in a state where POAP is initiated, and an
attacker must be able to either:
A) Introduce their own DHCP server and respond to the POAP DHCP request with
crafted DHCP options, or
B) Compromise an existing DHCP server and craft the specific DHCP
options.

When the crafted DHCP options are then processed during the POAP process,
arbitrary commands could be executed on the system in the context of the
root user.

Note this issue only occurs during the POAP DHCP boot process.

First Fixed Releases:
6.2(10)
7.1(0)N1(1)
7.1(2)N1(1)
7.2(0)N1(1)
