A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NCisco Nexus 3048
HWCiscowszystkie wersjeCisco Nexus 31108pc V
HWCiscowszystkie wersjeCisco Nexus 31108tc V
HWCiscowszystkie wersjeCisco Nexus 31128pq
HWCiscowszystkie wersjeCisco Nexus 3132c Z
HWCiscowszystkie wersjeCisco Nexus 3132q V
HWCiscowszystkie wersjeCisco Nexus 3132q Xl
HWCiscowszystkie wersjeCisco Nexus 3164q
HWCiscowszystkie wersjeCisco Nexus 3172pq
HWCiscowszystkie wersjeCisco Nexus 3172pq Xl
HWCiscowszystkie wersjeCisco Nexus 3172tq
HWCiscowszystkie wersjeCisco Nexus 3172tq 32t
HWCiscowszystkie wersjeCisco Nexus 3172tq Xl
HWCiscowszystkie wersjeCisco Nexus 3232c
HWCiscowszystkie wersjeCisco Nexus 3264c E
HWCiscowszystkie wersjeCisco Nexus 3264q
HWCiscowszystkie wersjeCisco Nexus 3408 S
HWCiscowszystkie wersjeCisco Nexus 34180yc
HWCiscowszystkie wersjeCisco Nexus 34200yc Sm
HWCiscowszystkie wersjeCisco Nexus 3432d S
HWCiscowszystkie wersjeCisco Nexus 3464c
HWCiscowszystkie wersjeCisco Nexus 3524
HWCiscowszystkie wersjeCisco Nexus 3524 X
HWCiscowszystkie wersjeCisco Nexus 3524 Xl
HWCiscowszystkie wersjeCisco Nexus 3548
HWCiscowszystkie wersjeCisco Nexus 3548 X
HWCiscowszystkie wersjeCisco Nexus 3548 Xl
HWCiscowszystkie wersjeCisco Nexus 36180yc R
HWCiscowszystkie wersjeCisco Nexus 3636c R
HWCiscowszystkie wersjeCisco Nexus 9000v
HWCiscowszystkie wersje
Powiązane podatności
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switc...
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (...
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker ...
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Ne...