Status update for the announcement on 6th Mar 2019 (Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability) – 11th Mar 2019.

Preface: On 6th Mar, 2019, Cisco announcement that there are vulnerabilities found on Cisco FXOS and NX-OS Software. The total 26 of the vulnerabilities have a Security Impact Rating (SIR) of High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access.

Technical background:
Cisco NX-OS based on Wind River Linux and is inter-operable with other Cisco operating systems. The command-line interface of NX-OS is similar to that of Cisco IOS. Recent NX-OS has both Cisco-style CLI and Bash shell available.

Status update on 11th Mar 2019: The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device.
For more details, please refer url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access

My speculation: Sometimes if OS platform has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.