Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability

cisco-sa-nso-priv-esc-XXqRtTfT · High · Published · Updated

A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device.

The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the NSO built-in Secure Shell (SSH) server for CLI was enabled. If the NSO built-in SSH server was not enabled, the device is not affected by this vulnerability.

An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which Cisco NSO is running, which is root by default.

Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all Cisco NSO users have this access if the server is enabled.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT

Workarounds

There are no workarounds that address this vulnerability. However, a mitigation is available.

Administrators can disable the NSO built-in SSH server and run the ncs_cli program as a login shell. For guidance on using the ncs_cli program, see NSO 5.5 User Guide: Starting the CLI (https://developer.cisco.com/docs/nso/guides/#!the-nso-cli/starting-the-cli).

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
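
To check whether a configuration meets the affected condition described above (built-in SSH server enabled) or already has the mitigation applied, the following added example, which is not Cisco's code, classifies an NSO configuration file. It assumes the server is controlled by the cli/ssh/enabled leaf of ncs.conf in the tailf-ncs-config namespace; the sample configurations are constructed.

```python
# Added example (not Cisco code): triage ncs.conf for CVE-2021-1572 exposure.
import xml.etree.ElementTree as ET

# Assumption: ncs.conf uses this namespace and the cli/ssh/enabled leaf.
NS = {"n": "http://tail-f.com/yang/tailf-ncs-config"}

# Constructed sample configurations, not taken from any real device.
SAMPLE_ENABLED = """<ncs-config xmlns="http://tail-f.com/yang/tailf-ncs-config">
  <cli><enabled>true</enabled>
    <ssh><enabled>true</enabled><ip>0.0.0.0</ip><port>2024</port></ssh>
  </cli>
</ncs-config>"""
SAMPLE_MITIGATED = SAMPLE_ENABLED.replace(
    "<ssh><enabled>true</enabled>", "<ssh><enabled>false</enabled>")
SAMPLE_SILENT = """<ncs-config xmlns="http://tail-f.com/yang/tailf-ncs-config">
  <cli><enabled>true</enabled></cli>
</ncs-config>"""


def builtin_ssh_state(conf_xml: str) -> str:
    """Return 'enabled', 'disabled' or 'unspecified' for the built-in CLI SSH server."""
    root = ET.fromstring(conf_xml)
    leaf = root.find("n:cli/n:ssh/n:enabled", NS)
    if leaf is None or leaf.text is None:
        # Leaf absent: the product default applies, so do not assume "off".
        return "unspecified"
    value = leaf.text.strip().lower()
    if value == "true":
        return "enabled"
    if value == "false":
        return "disabled"
    raise ValueError(f"unexpected value for cli/ssh/enabled: {value!r}")


def triage(conf_xml: str) -> str:
    """Map the configured state to an action for this advisory."""
    return {
        "enabled": "EXPOSED: upgrade, or disable built-in SSH and use ncs_cli as login shell",
        "disabled": "NOT EXPOSED: built-in SSH server is disabled",
        "unspecified": "REVIEW: leaf missing, confirm the running default",
    }[builtin_ssh_state(conf_xml)]


if __name__ == "__main__":
    for name, conf in [("enabled", SAMPLE_ENABLED), ("mitigated", SAMPLE_MITIGATED),
                       ("silent", SAMPLE_SILENT)]:
        print(name, "->", triage(conf))
```

A configuration that omits the leaf is reported for review rather than as safe, because the advisory's "not affected" condition applies only when the server is actually disabled.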

CVEs: CVE-2021-1572
Cisco Bug IDs: CSCvy43896, CSCwh35199
CVSS Score: Base 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source
Cisco Network Services Orchestrator, Cisco ConfD, Cisco ConfD Basic

CSAF Product Statuses

Product | Status | Source | CVE | Rows
Cisco ConfD | known_affected | cisco_csaf | CVE-2021-1572 | 1
Cisco ConfD Basic | known_affected | cisco_csaf | CVE-2021-1572 | 1
Cisco Network Services Orchestrator | known_affected | cisco_csaf | CVE-2021-1572 | 1

Related Products

Product | CVE | Evidence
Cisco ConfD | CVE-2021-1572 | Cisco OpenVuln
Cisco ConfD Basic | CVE-2021-1572 | Cisco OpenVuln
Cisco Network Services Orchestrator | CVE-2021-1572 | Cisco OpenVuln