Executive Summary
| Summary | |
|---|---|
| Title | Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20161005-nxaaa | First vendor Publication | 2016-10-05 |
| Vendor | Cisco | Last vendor Modification | 2016-10-05 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting (AAA) restrictions. The vulnerability is due to the improper processing of certain parameters that are passed to an affected device during the negotiation of an SSH connection. An attacker could exploit this vulnerability by authenticating to an affected device and passing a malicious value as part of the login procedure. A successful exploit could allow an attacker to bypass AAA restrictions and execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX9RRvAAoJEK89gD3EAJB50dgQAIrB5QpyIh8qhoZ2M5E5tHaU 8kp4One/3FfMzgACfWpMGR51Cwuz6janS3CvjsXdVv5G6NNlUmQr2DTq1/WOy18 +ZLPdrDUo9CCwOxCm8Xg4dWIud6KbioaVMTNdC5Ut7OvgkjxWkjkBZ2ZqELai5G9G eZQ13hvNmUvNt0FH2Cd+fN+jyVv2Q4YYtPrwQ5028vSn/eESfxXi1/NZq5v/Qw9c YYEonqDugjCEj0i3YfQU7gfSsOzSdZ3BG8l3LAFr4Ciw7yETDdm18oSUWM/D/1gf O7bqpoEZ6lxBNEumfSJG/HHVMqVvYrORjmy4pSbtHq7gVCigqNCv7Bh9LaWnoy5g E2bunRgPR1dtp+9a9mSFdrhyNYI04Eg7HcIcLSaDtdAHJVTNPJzFIZLF11qGpuQv Fmy+F14rftAt6jOmuuBbYKh01bK+nfVSMATy4oLh8eCoxjwzHigbYG9gz3Ma9xEg JZn4EytMq7PHeU8rlUS6BaeG4/SZJ5y9giXRmwFkkKtdXRWIIK54KZalYvgjz8GG /5NqnoVJvL2ehr/c1E8c4x0XKKwkCd+6MwzXXfR3rgyXa35wLl7vbM0jI+RfJybS Qiw8wDZ44v05TP91vxz6q/bh0KBUo+A0PmU9GDqQoJ5xAEUeYl5K+ugWGKAauDKR WgrVbP4KcUSdQAj1zgZ0 =NOCy END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-10-14 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20161005-ssh-nxos.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-10-15 13:26:01 |
|
| 2016-10-12 21:26:09 |
|
| 2016-10-06 17:25:22 |
|
| 2016-10-05 21:21:56 |
|
