Cisco Bug: CSCvt64918 - Vem-support process argument shows external server password in plain text
May 12, 2020
- Cisco Application Policy Infrastructure Controller (APIC)
Known Affected Releases
Symptom: A vulnerability in the diagnostic technical support generation of the Cisco ACI Virtual Edge could allow an authenticated, local attacker to view sensitive information on both the local CLI of the AVE and within the technical support file itself. This information is sensitive and should be restricted. The vulnerability is due to lack of proper masking of sensitive information before being written to the CLI history and within the technical support file itself. An attacker could exploit this vulnerability by authenticating to the targeted device and inspecting a specific CLI history or technical support file. The attacker would need valid user credentials.
Conditions: The default configuration of the device.
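One way to apply the masking described above as missing, shown as an added example (not Cisco's code or fix): each command line is redacted before it is written to a history or support file. The command name `support-collect`, its options, and the sample lines are constructed for illustration.

```python
import re
import shlex

MASK = "REDACTED"
# Options whose following argument is a secret (assumed names, not a real CLI's).
SECRET_OPTS = {"--password", "--passwd", "--secret", "--token"}
# key=value arguments whose key names a secret, e.g. remote_password=...
KEY_VALUE = re.compile(r"(?i)^([\w.-]*(?:password|passwd|secret|token)[\w.-]*)=")
# Credentials embedded in a URL: scheme://user:password@host
URL_CRED = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*://[^:/@\s]+):[^@/\s]+@")


def mask_argv(argv):
    """Return a copy of argv with secret values replaced by MASK."""
    out, hide_next = [], False
    for arg in argv:
        if hide_next:                      # value following a secret option
            out.append(MASK)
            hide_next = False
        elif arg in SECRET_OPTS:
            out.append(arg)
            hide_next = True
        elif (m := KEY_VALUE.match(arg)):  # secret passed as key=value
            out.append(f"{m.group(1)}={MASK}")
        else:                              # secret embedded in a URL, if any
            out.append(URL_CRED.sub(rf"\1:{MASK}@", arg))
    return out


def mask_line(line):
    """Redact one recorded command line before it is persisted."""
    try:
        argv = shlex.split(line)
    except ValueError:
        # Unbalanced quotes: fail closed instead of writing the raw line.
        return "[unparseable command line withheld]"
    return shlex.join(mask_argv(argv))


# Constructed sample input (hypothetical command and values).
SAMPLE = [
    "support-collect --server 192.0.2.10 --user backup --password 'S3cr3t Pass!'",
    "support-collect --dest scp://backup:S3cr3tPass@192.0.2.10/exports",
    "support-collect remote_password=S3cr3tPass --verbose",
    "support-collect --password 'unterminated",
]

if __name__ == "__main__":
    for recorded in SAMPLE:
        print(mask_line(recorded))
```

Redaction at write time only limits what reaches the history and the support file; a secret passed as a process argument is still visible in the process list while the command runs, so supplying it through a protected file or standard input avoids the exposure at its source.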