ID de Prueba:	1.3.6.1.4.1.25623.1.0.103889
Categoría:	CISCO
Título:	Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco-SA-20140123-CVE-2014-0676)
Resumen:	A vulnerability in the TACACS+ command authorization code of; Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands; without TACACS+ server authorization.
Descripción:	Summary: A vulnerability in the TACACS+ command authorization code of Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands without TACACS+ server authorization. Vulnerability Insight: The vulnerability is due to the processing of certain commands when executed in a sequence. An attacker could exploit this vulnerability by executing multiple commands in a sequence. Vulnerability Impact: A successful exploit could allow the attacker to execute certain commands without TACACS+ server authorization. Affected Software/OS: Cisco Nexus 7000 Series Switches running NX-OS 6.1(4). Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0676 BugTraq ID: 65083 http://www.securityfocus.com/bid/65083 Cisco Security Advisory: 20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676 http://osvdb.org/102366 http://www.securitytracker.com/id/1029690 http://secunia.com/advisories/56597 XForce ISS Database: cisco-nxos-cve20140676-priv-esc(90627) https://exchange.xforce.ibmcloud.com/vulnerabilities/90627
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.