Cisco NX-OS Logging Vulnerability Allowing Sensitive Information Disclosure

Vulnerability

A vulnerability exists in the logging feature of Cisco NX-OS Software, affecting Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, UCS 6400 Fabric Interconnects, UCS 6500 Series Fabric Interconnects, and UCS 9108 100G Fabric Interconnects. This vulnerability allows an authenticated, local attacker to access sensitive information, such as stored credentials, due to improper logging of sensitive data. On Nexus devices, access to the underlying operating system's file system is required to reach the log files. For UCS Fabric Interconnects, a tech support file must be generated and downloaded, as system log files are not directly accessible through the CLI or UCS Manager UI.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including stored credentials.

Remediation

Cisco has released software updates to address this vulnerability. For Cisco NX-OS Software, users can consult the Cisco Software Checker tool to determine their exposure and find the first fixed release. For UCS 6400 Series and 6500 Series Fabric Interconnects, users should upgrade to version 4.2(3p) or 4.3(6c), depending on their current release. UCS X-Series Direct Fabric Interconnect 9108 100G users should also upgrade to version 4.3(6c).
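As an added example (not Cisco tooling and not part of the original advisory), the Python below checks UCS Fabric Interconnect release strings against the fixed releases named above. It assumes a fixed release applies to devices on the same major.minor train and that releases order by maintenance number, then patch letter; the model keys and the inventory are constructed for illustration.

```python
import re

# Fixed releases as stated in the Remediation text; the model keys are
# hypothetical short labels for the affected Fabric Interconnect families.
FIXED = {
    "6400": ["4.2(3p)", "4.3(6c)"],
    "6500": ["4.2(3p)", "4.3(6c)"],
    "9108": ["4.3(6c)"],
}

_RELEASE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]*)\)$")


def parse(release):
    """'4.2(3p)' -> (4, 2, 3, 'p'); raises ValueError on other formats."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognized release string: {release!r}")
    major, minor, maint, patch = m.groups()
    return int(major), int(minor), int(maint), patch


def assess(model, running):
    """Return 'fixed', 'upgrade to <release>', or 'check advisory'."""
    current = parse(running)
    for label in FIXED[model]:
        target = parse(label)
        # Assumption: compare only within the same major.minor train.
        if current[:2] == target[:2]:
            return "fixed" if current >= target else f"upgrade to {label}"
    # The page names no fixed release for this train, so do not guess.
    return "check advisory"


if __name__ == "__main__":
    # Constructed inventory: (hostname, model, running release).
    inventory = [
        ("fi-a", "6400", "4.2(3o)"),
        ("fi-b", "6500", "4.3(6c)"),
        ("fi-c", "9108", "4.3(5a)"),
        ("fi-d", "6400", "4.1(3m)"),
    ]
    for host, model, release in inventory:
        print(f"{host:6} {model:5} {release:8} -> {assess(model, release)}")
```

Devices reported as "check advisory" are on a train for which this page names no fixed release.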

Added: Aug 27, 2025, 5:39 PM
Updated: Aug 27, 2025, 5:39 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 3.5
remediation: 8.3
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.