Cisco NX-OS Software SSH X.509v3 Certificate Authentication with Unsupported Remote Authorization Method Privilege Escalation Issues
|
System information
|
|
|
Affected software |
Cisco |
Description
|
For certain products that are running Cisco NX-OS Software and are configured for SSH authentication with an X.509 version 3 (X.509v3) certificate, two remote authorization methods are unsupported and could allow for privilege escalation: TACACS+ and certain configurations of Lightweight Directory Access Protocol (LDAP). TACACS+ does not properly validate the distinguished name (DN) of the X.509v3 certificate due to a logic error with authentication, authorization, and accounting (AAA). LDAP
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-x509v3-unsupportedconfig-ScRtAbUk?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20SSH%20X.509v3%20Certificate%20Authentication%20with%20Unsupported%20Remote%20Authorization%20Method%20Privilege%20Escalation%20Issues&vs_k=1 |
Standar resources
|
Property |
Value |
CVE |
|