Preview Tool

Cisco Bug: CSCvu75147 - MGBL-AAA:Unauthorised user able to access data through Cisco-IOS-XR-perf-meas-oper.xml

Last Modified

Sep 02, 2020

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases


Description (partial)

Performance measurement operational schema data can be accessed through netconf with xml request by user login with limited permission when expecting no data to be returned.

Log in as TACACS authen/author with limited permission as service admin, send xml get request through netconf to retrieve performance measurement operational data
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
      <performance-measurement xmlns="*oper"/>
      <performance-measurement-responder xmlns="*oper"/>
This request get data back in response which is not expected under some user permission.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.