Cisco Bug: CSCvt40927 - Cisco IOS-XR Software Information Disclosure Vulnerability

Last Modified

Sep 02, 2020

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

7.0.11.BASE

Description (partial)

Symptom:
A vulnerability in the dossier feature in IOS XR Software used in Cisco Crosswork Trust Insights could allow an authenticated, remote attacker to view sensitive configuration information.

The vulnerability is due to a failure to sanitize the running-config of any credentials and secrets before including them in dossiers. An attacker could exploit this vulnerability by issuing certain commands from the affected device. An exploit could allow the authenticated attacker to inadvertently expose sensitive information to the cloud.

Conditions:
Device running affected software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
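
As an added illustration (not Cisco's code or fix), the example below shows the kind of sanitization step the description says was missing: redacting credentials and secrets from running-config text before it is included in an exported document. The patterns, function names and sample configuration are constructed for this example and cover only a subset of secret-bearing lines.

```python
import re

REDACTED = "<removed>"

# Assumption: an illustrative subset of secret-bearing IOS XR-style lines,
# chosen for this example; a real sanitizer needs a complete, reviewed list.
RULES = [
    # "secret 5 <hash>", "password 7 <enc>", "key 7 <enc>" (type digit required)
    ("credential", re.compile(r"^(.*\b(?:secret|password|key)\s+\d+\s+)(\S+)(.*)$")),
    # "snmp-server community <string> RO|RW"
    ("snmp-community", re.compile(r"^(\s*snmp-server community\s+)(\S+)(.*)$")),
]

def sanitize_config(text):
    """Return (sanitized_text, findings); findings are (line_number, kind)."""
    out, findings = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in RULES:
            match = pattern.match(line)
            if match:
                # Keep the keyword and type so the config stays readable,
                # drop only the secret value itself.
                line = match.group(1) + REDACTED + match.group(3)
                findings.append((number, kind))
                break
        out.append(line)
    return "\n".join(out), findings

# Constructed sample input; none of these values come from a real device.
SAMPLE_CONFIG = """\
hostname asr9k-lab
username admin
 group root-lr
 secret 5 $1$CONSTRUCTED$hashvalue
!
tacacs-server host 192.0.2.10 port 49
 key 7 0822455D0A16
!
snmp-server community LabCommunity RO
interface MgmtEth0/RSP0/CPU0/0
 ipv4 address 192.0.2.1 255.255.255.0
!
"""

if __name__ == "__main__":
    clean, hits = sanitize_config(SAMPLE_CONFIG)
    print(clean)
    for number, kind in hits:
        print(f"line {number}: {kind} redacted")
```

The findings list doubles as an audit record: an export pipeline can refuse to send anything whose sanitized form still matches a rule.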
