漏洞信息详情
Cisco NX-OS 安全绕过漏洞
- CNNVD编号:CNNVD-201610-086 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2015-0721
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2016-10-10
- 威胁类型: 远程
- 更新时间: 2016-10-10
- 厂 商: cisco
- 漏洞来源:
-
漏洞简介
Cisco NX-OS是美国思科(Cisco)公司的一套面向数据中心的操作系统。
Cisco NX-OS 4.0至7.3版本中的SSH子系统存在安全绕过漏洞,该漏洞源于SSH连接协商期间,程序没有正确处理参数。远程攻击者可利用该漏洞绕过AAA限制,在设备命令行上执行命令。运行Cisco NX-OS System Software的以下产品受到影响:Cisco Multilayer Director Switches,Nexus 1000V Series Switches,Nexus 2000 Series Fabric Extenders,Nexus 3000 Series Switches,Nexus 3500 Platform Switches,Nexus 4000 Series Switches,Nexus 5000 Series Switches,Nexus 5500 Platform Switches,Nexus 5600 Platform Switches,Nexus 6000 Series Switches,Nexus 7000 Series Switches,Nexus 7700 Series Switches,Nexus 9000 Series Switches in NX-OS mode。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa
参考网址
来源:CISCO
链接:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa
来源:securitytracker.com
链接:http://securitytracker.com/id/1036947
受影响实体
- Cisco Nx-Os:4.0%280%29n1%281a%29<!--2000-1-1-->
- Cisco Nx-Os:5.1%283%29n2%281c%29<!--2000-1-1-->
- Cisco Nx-Os:4.2%281%29n2%281%29<!--2000-1-1-->
- Cisco Nx-Os:5.0%283%29u1%282a%29<!--2000-1-1-->
- Cisco Nx-Os:5.0%283%29u2%282%29<!--2000-1-1-->
补丁
- Cisco NX-OS 安全绕过漏洞的修复措施<!--2016-10-10-->
还没有评论,来说两句吧...