Vulnerability Bulletins

Cisco NX-OS Software SSH X.509v3 Certificate Authentication with Unsupported Remote Authorization Method Privilege Escalation Issues


System information

   
Affected software Cisco

Description

For certain products that are running Cisco NX-OS Software and are configured for SSH authentication with an X.509 version 3 (X.509v3) certificate, two remote authorization methods are unsupported and could allow for privilege escalation: TACACS+ and certain configurations of Lightweight Directory Access Protocol (LDAP). TACACS+ does not properly validate the distinguished name (DN) of the X.509v3 certificate due to a logic error with authentication, authorization, and accounting (AAA). LDAP

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-x509v3-unsupportedconfig-ScRtAbUk?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20SSH%20X.509v3%20Certificate%20Authentication%20with%20Unsupported%20Remote%20Authorization%20Method%20Privilege%20Escalation%20Issues&vs_k=1

Standar resources

Property Value
CVE

Version history

Version Comments Date
1.0 Advisory issued 2023-02-23
Ministerio de Defensa
CNI
CCN
CCN-CERT