Symptom
Cisco devices running NX-OS include hidden commands that could allow an authenticated, local attacker to view arbitrary files on on the
underlying operating system. This could result in the disclosure of critical system information.
The following Cisco Nexus devices are affected:
Cisco Nexus 7000 Series
Cisco Nexus 5000 Series
Cisco Nexus 3000 Series
Cisco Nexus 1000V Series
Conditions
Cisco Nexus and MDS switches running an affected version of NX-OS software are affected.
Workaround
Restrict access to trusted users only.
Further Problem Description
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are :
4.6/3.8
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:C/I:N/A:N/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2012-4134 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
