Guest

Preview Tool

Cisco Bug: CSCus48748 - vdc-operator on N7K VDC can show startup config using crafted CLI cmds

Last Modified

Jul 20, 2017

Products (8)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases

6.2(10)

Description (partial)

Symptoms:
Cisco Nexus devices running Cisco NX-OS software contain an information disclosure vulnerability within the command line interpreter that could allow an authenticated, local attacker to 
disclose the startup configuration of a device on which they are assigned to a Virtual Device Context (VDC). 

The vulnerability exists improper input sanitization of a certain CLI command.  An attacker assigned to the operator role of a VDC could leverage this vulnerability to display the startup 
configuration the device that their VDC has been assigned to.

Conditions:
Cisco Nexus devices running an affected version of Cisco NX-OS software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.