Cisco Bug: CSCus44856 - vdc-admin on N7K VDC can execute shell commands using tar

Last Modified

May 18, 2018

Products (8)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch

Known Affected Releases

6.2(10)

Description (partial)

Symptoms:
Cisco Nexus devices running an affected version of Cisco NX-OS software contain a local privilege escalation vulnerability within the command line interpreter (CLI) that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with user privileges.

The vulnerability exists due to insufficient input sanitization of parameters passed to the tar command on the CLI of an affected device. An attacker could leverage this behavior to execute arbitrary commands on the underlying operating system with the privileges of the user authenticated to the device.
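
The root cause named above is missing sanitization of parameters handed to tar. The following is an added example, not Cisco's code or fix: a hypothetical wrapper showing the validation a restricted CLI needs before it invokes tar, run over constructed inputs. The names `check_param`, `build_tar_create_argv` and `audit`, and the allowlist policy, are assumptions.

```python
import re

# Assumed policy for a restricted CLI "tar create" command (hypothetical):
# plain relative names only; no leading '-', whitespace, shell metacharacters or ':'.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_./-]*$")

class RejectedParameter(ValueError):
    """Raised when a user-supplied parameter must not reach tar."""

def check_param(value: str) -> str:
    """Validate one user-supplied parameter against the allowlist."""
    if not SAFE_NAME.fullmatch(value):
        raise RejectedParameter(f"illegal characters in parameter: {value!r}")
    if ".." in value.split("/"):
        raise RejectedParameter(f"path traversal in parameter: {value!r}")
    return value

def build_tar_create_argv(archive: str, sources: list[str]) -> list[str]:
    """Return an argv list for tar (never a shell string)."""
    if not sources:
        raise RejectedParameter("no source files given")
    archive = check_param(archive)
    checked = [check_param(s) for s in sources]
    # Options are fixed by the wrapper; "--" ends option parsing, so
    # everything after it is treated by tar as a file name.
    return ["tar", "-c", "-f", archive, "--", *checked]

# Constructed sample inputs (not taken from the bug report).
SAMPLES = [
    ("backup.tar", ["logs/show_tech.txt"]),
    ("backup.tar", ["--some-option=value"]),
    ("backup.tar", ["logs/a.txt; id"]),
    ("-x", ["logs/a.txt"]),
    ("backup.tar", ["logs/../../etc/passwd"]),
]

def audit(samples):
    """Classify each (archive, sources) pair as allow or reject."""
    results = []
    for archive, sources in samples:
        try:
            results.append(("allow", build_tar_create_argv(archive, sources)))
        except RejectedParameter as exc:
            results.append(("reject", str(exc)))
    return results

if __name__ == "__main__":
    for verdict, detail in audit(SAMPLES):
        print(verdict, detail)
```

The returned list is meant to be passed to an exec-style call such as `subprocess.run(argv, shell=False)`, so no shell ever re-parses the parameters.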

Conditions:
Cisco Nexus devices running an affected version of Cisco NX-OS software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
