Cisco FXOS Software Information Exposure Vulnerability

Summary

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-fxos-info

Details

The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability.
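
A minimal model of the flaw class described above, added here as an illustration and not taken from Cisco's code or advisory: a diagnostic command that authorizes the role for the command but not for the file its parameter resolves to, next to a version that authorizes both. The role names, directory layout and relative-path input are assumptions constructed for the example; the advisory does not disclose the actual command or parameter.

```python
import os
import tempfile

# Hypothetical policy (constructed): which roles may run the command,
# and which directories each role may read through it.
COMMAND_ROLES = {"operator", "admin"}
ROLE_DIRS = {"operator": ["logs"], "admin": ["logs", "restricted"]}

def build_sandbox():
    """Create a constructed file tree with a log area and a restricted area."""
    root = os.path.realpath(tempfile.mkdtemp())
    for sub, name, body in (("logs", "diag.log", "link up\n"),
                            ("restricted", "secrets.conf", "key=constructed\n")):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, name), "w") as fh:
            fh.write(body)
    return root

def diag_incomplete(root, role, user_path):
    """Incomplete RBAC: the role is checked for the command, never for the file."""
    if role not in COMMAND_ROLES:
        raise PermissionError("role may not run this command")
    with open(os.path.join(root, "logs", user_path)) as fh:
        return fh.read()

def diag_complete(root, role, user_path):
    """Complete RBAC: authorize the command, then the resolved target file."""
    if role not in COMMAND_ROLES:
        raise PermissionError("role may not run this command")
    # Resolve symlinks and relative components before the access decision.
    target = os.path.realpath(os.path.join(root, "logs", user_path))
    allowed = [os.path.join(root, d) for d in ROLE_DIRS.get(role, [])]
    if not any(os.path.commonpath([target, d]) == d for d in allowed):
        raise PermissionError("role may not read this file")
    with open(target) as fh:
        return fh.read()

def demo():
    """Return (content the incomplete check exposes, whether the complete check refuses)."""
    root = build_sandbox()
    crafted = os.path.join("..", "restricted", "secrets.conf")  # constructed input
    exposed = diag_incomplete(root, "operator", crafted)
    try:
        diag_complete(root, "operator", crafted)
        refused = False
    except PermissionError:
        refused = True
    return exposed, refused

if __name__ == "__main__":
    print(demo())
```

The point for a reviewer is that the access decision in `diag_complete` is made on the canonical target path and against the caller's role, after the command-level check rather than instead of it.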

 

Vulnerable Systems:

Cisco FXOS Software 

Cisco NX-OS Software 

 

CVE Information:

CVE-2019-1734

 

Disclosure Timeline:

Published Date: 11/5/2019