漏洞标题
Cisco Nexus 9000系列 fabricswitch 应用为中心的基础设施模式权限提升漏洞
漏洞描述信息
思科Nexus 9000系列 fabricswitch 应用为中心基础设施模式权限提升漏洞
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Privilege Escalation Vulnerability
漏洞描述信息
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability is due to a misconfiguration of certain sudoers files for the bashroot component on an affected device. An attacker could exploit this vulnerability by authenticating to the affected device with a crafted user ID, which may allow temporary administrative access to escalate privileges. A successful exploit could allow the attacker to escalate privileges on an affected device. This Vulnerability has been fixed in version 4.0(1h)
CVSS信息
N/A
漏洞类别
配置
漏洞标题
Cisco Nexus 9000 Series ACI Mode Switch Software 配置错误漏洞
漏洞描述信息
Cisco Nexus 9000 Series ACI Mode Switch Software(处于ACI模式)中的NX-OS Software的controller authorization功能存在配置错误漏洞,该漏洞源于程序为bashroot组件错误地配置了sudoers文件。本地攻击者可借助特制的用户ID对受影响设备进行身份验证利用该漏洞提升权限。
CVSS信息
N/A
漏洞类别
配置错误