Test Kennung:	1.3.6.1.4.1.25623.1.0.103889
Kategorie:	CISCO
Titel:	Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco-SA-20140123-CVE-2014-0676)
Zusammenfassung:	A vulnerability in the TACACS+ command authorization code of; Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands; without TACACS+ server authorization.
Beschreibung:	Summary: A vulnerability in the TACACS+ command authorization code of Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands without TACACS+ server authorization. Vulnerability Insight: The vulnerability is due to the processing of certain commands when executed in a sequence. An attacker could exploit this vulnerability by executing multiple commands in a sequence. Vulnerability Impact: A successful exploit could allow the attacker to execute certain commands without TACACS+ server authorization. Affected Software/OS: Cisco Nexus 7000 Series Switches running NX-OS 6.1(4). Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0676 BugTraq ID: 65083 http://www.securityfocus.com/bid/65083 Cisco Security Advisory: 20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676 http://osvdb.org/102366 http://www.securitytracker.com/id/1029690 http://secunia.com/advisories/56597 XForce ISS Database: cisco-nxos-cve20140676-priv-esc(90627) https://exchange.xforce.ibmcloud.com/vulnerabilities/90627
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.