中文描述:

Cisco NX-OS Software是美国思科（Cisco）公司的一套交换机使用的数据中心级操作系统软件。 Cisco NX-OS Software中Bash shell的实现存在权限许可和访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。以下产品及版本受到影响：Cisco Nexus 3000 Series Switches；Nexus 3500 Platform Switches；Nexus 3600 Platform Switches；Nexus 7000 Series Switches；Nexus 7700 Series Switches；Nexus 9000 Series Switches in standalone NX-OS mode；Nexus 9500 R-Series Switching Platform。

英文描述:

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account.

CWE类型:

标签:

中文解决方案:

英文解决方案:

临时解决方案:

发布时间:

修改时间:

创建时间:

更新时间:

当前版本: v3

主要语言: EN

支持语言: