Cisco NX-OS virtual appliance environment (VDC) SSH Remote Privilege Escalation Vulnerability

Release date:
Updated on:

Affected Systems:
Cisco NX-OS
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67571
CVE (CAN) ID: CVE-2014-2200
 
Cisco NX-OS is a data center-level operating system that represents a modular design, always-on and maintainability. Cisco NX-OS is able to divide OS and hardware resources into virtual environments that simulate virtual devices. Each VDC has its own software process, dedicated hardware resources (interfaces), and an independent management environment.
 
A remote privilege escalation vulnerability exists in implementation after Cisco NX-OS devices have multiple VDC on the system and are configured with local authentication, authenticated remote attackers can exploit this vulnerability to access the management interface through SSH of the affected device to obtain the administrator privilege on another VDC.
 
<* Source: vendor

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20140521-nxos) and patches for this:
Cisco-sa-20140521-nxos: Multiple Vulnerabilities in Cisco NX-OS-Based Products
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

This article permanently updates the link address: