Cisco NX-OS software TACACS + Server Local Privilege Escalation Vulnerability
Cisco NX-OS software TACACS + Server Local Privilege Escalation Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco NX-OS
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65083
CVE (CAN) ID: CVE-2014-0676
Cisco NX-OS is a data center-level operating system that represents a modular design, always-on and maintainability.
Cisco NX-OS's TACACS + command authorization code has a security vulnerability that allows authenticated local attackers to execute certain commands without authorization.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.cisco.com/go/psirt