Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1773
Views
15
Helpful
2
Replies

CSCvw89875 - Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability

jrenken
Level 1
Level 1

‎02-24-2021 07:10 PM

FYI, the Security Advisory regarding this bug (cisco-sa-3000-9000-fileaction-QtLzDRy2) contains ambiguous information. The Affected Products section says:

 

If the command returns output, as shown in the following example, the device is vulnerable:

nexus# show sockets connection | include 9075
tcp LISTEN 0 32 * : 9075

One possible interpretation is that if the command returns any output, the device is vulnerable. However, as I confirmed with TAC and with my own portscan (against patched and unpatched devices), the device is no longer vulnerable when (after patching) the fifth column of output has changed from * to *%veobc. This indicates that the service is now listening on internal-facing interfaces only.

 

I hope this saves you some time by addressing the concern I had.

2 people had this problem
2 Replies 2

Pichet Piriyakitkosol
Level 1
Level 1

‎03-01-2021 08:48 AM

Hi jrenken

According to your discussion with TAC Engineer and your lab test. Is this SMU require reload?

 

Thanks

Pichet

0 Helpful

jrenken
Level 1
Level 1
In response to Pichet Piriyakitkosol

‎03-01-2021 06:51 PM

Hi, Pichet,

 

We determined that a reload is not required: the output changed to *%veobc, and I confirmed with nmap that the vulnerable service was no longer available to hosts outside of the switch itself. The TAC engineer had first thought that a reload might be required, but then verified in the TAC lab that it was not.

0 Helpful
Customers Also Viewed These Support Documents