漏洞类别:Cisco
漏洞等级: 
漏洞信息
A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remote attacker to bypass authentication, authorization, and accounting (AAA) restrictions.
The vulnerability is due to the improper processing of certain parameters that are passed to an affected device during the negotiation of an SSH connection.
漏洞危害
An attacker could exploit this vulnerability by authenticating to an affected device and passing a malicious value as part of the login procedure. A successful exploit could allow an attacker to bypass AAA restrictions and execute commands on the device command-line interface (CLI) that should be restricted to a different privileged user role.
解决方案
Refer to Cisco advisory cisco-sa-20161005-nxaaa for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
cisco-sa-20161005-nxaaa: Cisco NX 1000V
cisco-sa-20161005-nxaaa: Cisco NX 5000
0day
文章评论