CVE-2014-0676

Name of the Vulnerable Software and Affected Versions Cisco NX-OS (affected versions not specified)

Description A local user can bypass intended TACACS+ command restrictions by executing a series of multiple commands. The issue arises from the processing of certain commands when executed in a sequence, allowing an authenticated, local attacker to execute certain commands without TACACS+ server authorization. To exploit this, an attacker must have local access to an affected device, which reduces the possibility of a successful exploit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.