Cisco Bug: CSCvt64918 - Vem-support process argument shows external server password in plain text

Last Modified

May 12, 2020

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases

2.2(3a)

Description (partial)

Symptom:
A vulnerability in the diagnostic technical support generation of the Cisco ACI Virtual Edge could allow an authenticated, local attacker to view sensitive information on both the local CLI of the AVE and within the technical support file itself. This information is sensitive and should be restricted.

The vulnerability is due to lack of proper masking of sensitive information before being written to the CLI history and within the technical support file itself. An attacker could exploit this vulnerability by authenticating to the targeted device and inspecting a specific CLI history or technical support file. The attacker would need valid user credentials.
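
One way to apply the masking described above, as an added example (not Cisco's code): command lines are scrubbed before being written to a history or support bundle, and the same routine audits existing lines for secrets that are still exposed. The tool name `support-collect`, its options and all sample values are hypothetical.

```python
import re
import shlex

MASK = "REDACTED"
# Option names assumed to carry a secret; over-matching only hides more.
_NAME = r"[\w-]*(?:pass(?:word|wd|phrase)?|secret|token)[\w-]*"
_FLAG = re.compile(rf"(?i)^--?{_NAME}$")               # --password VALUE
_EQ = re.compile(rf"(?i)^((?:--?)?{_NAME}=)(.+)$")     # --password=VALUE
_URL = re.compile(r"(?i)\b([a-z][a-z0-9+.-]*://[^\s:/@]+:)[^\s@]+@")  # user:pw@host

# Constructed sample history; tool name, options and values are hypothetical.
SAMPLE = [
    "support-collect --server 192.0.2.10 --user backup --password 'S3cr3t value'",
    "support-collect --upload scp://backup:hunter2@192.0.2.10/drop/",
    "support-collect --server 192.0.2.10 remote_password=hunter2",
    "ls -l /var/log",
]

def mask_argv(argv):
    """Return a copy of argv with secret values replaced by MASK."""
    out, hide_next = [], False
    for arg in argv:
        if hide_next:  # value that follows a secret-bearing option
            arg = MASK
        else:
            arg = _URL.sub(rf"\g<1>{MASK}@", _EQ.sub(rf"\g<1>{MASK}", arg))
        hide_next = not hide_next and bool(_FLAG.match(arg))
        out.append(arg)
    return out

def mask_line(line):
    """Mask one command line before it is logged or bundled."""
    try:
        return shlex.join(mask_argv(shlex.split(line)))
    except ValueError:  # unbalanced quotes: never emit the raw line
        return MASK

def exposed_lines(lines):
    """1-based numbers of lines that still hold an unmasked secret."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            argv = shlex.split(line)
        except ValueError:  # unparseable: flag for manual review
            argv = None
        if argv is None or mask_argv(argv) != argv:
            hits.append(n)
    return hits
```

Running `exposed_lines` over an existing history or extracted support file lists the lines to review; secrets that already appeared there should be rotated, since masking only protects what is written afterwards.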

Conditions:
The default configuration of the device.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
