Guest

Preview Tool

Cisco Bug: CSCvu34342 - ENH: DNA Spaces Connector allows bypassing of the Restrictive Shell Escape

Last Modified

Jun 16, 2020

Products (1)

  • Cisco DNA Spaces

Known Affected Releases

2.3 docker-v2.0.238

Description (partial)

Symptom:
DNA Spaces Connector version 2.0.238 allow users to bypass the default restrictive shell allowing access to the rbash shell. For example, customer is able to copy the regular bash program located in the /bin directory to their working directory in /home/cmxadmin/bin, which allowed the customer to run the bash program like normal.

Conditions:
DNA Spaces Connector version 2.0.238.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.