Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. 

The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj

Security Impact Rating: Medium

CVE: CVE-2020-3396

Related:

  • No Related Posts

Discover Actionable Storage Insights with DataIQ

DataIQ 2.0: Introducing storage monitoring functionality The innovation engine at Dell Technologies is humming and it’s not slowing down anytime soon. In case you missed it, we recently announced our next-generation scale-out NAS platform, Dell EMC PowerScale, built to help organizations capture untapped potential from unstructured data. As the ideal companion to our leading storage system, we also introduced Dell EMC DataIQ, a dataset management software which empowers users to efficiently manage unstructured data across heterogenous file and object storage platforms either on-premises or in the cloud. DataIQ provides organizations with a means to take control … READ MORE

Related:

Unable to back up a VHD with UniTrends. Error: Snapshot chain is too long, Operation failed.

When Unitrends creates snapshots, it copies the snap shots to the Unitrends storage and then deletes the snapshot. If the delete operation fails, then every time Unitrends creates a snapshot the snapshot chain will grow in size. The snapshot chain has a maximum size of 30 snapshots. After the 30th snapshot no more can be created. The error, “Snapshot chain is too long” will appear in the Unitrends logs. You will also not be able to create a snapshot in XenCenter or from an xe command

Related:

How to Recover XenServer Physical Volume Structure after Accidental Deletion

This article describes how to recreate a Physical Volume (PV) and restore Logical Volume Manager (LVM) structure in a situation where Shared or Local storage metadata has been damaged or overwritten.

Warning! Perform the instructions at your own risk. It is recommended to raise a case with Citrix Technical Support to confirm the cause of the issue and then perform necessary steps. Do not attempt commands in this article unless you are confident in understanding of the issue and suggested steps.

If a PV information has been accidentally deleted or tempered with, LVM commands such as “lvscan”, “vgscan”, and “pvscan” return incorrect or empty output.

Note: The commands lvscan, vgscan, and pvscan also return empty output if storage is disconnected or XenServer has problems with communicating to the storage device. Ensure that storage is attached and can be accessed from XenServer, by testing reading with hdparm –t /dev/sd<x> or hdparm –t /dev/mapper/<scsi id> for multipathed SRs, before proceeding with the following instructions. Correct output returns the PV associated with block device and corresponding Volume Groups.

For instance, correct output of pvscan command for shared SR (iSCSI or HBA) with multipath enabled would be in the following format.

PV /dev/mapper/<scsi id> VG VG_XenStorage-<SR uuid> lvm2 [<size total/size free>]

Note how the block device appears under /dev/mapper. If multipath is not enabled, PV value would point to a single block device /dev/sd<x>, like in case of the local storage. For example:

PV /dev/sda3 VG XSLocalEXT-fdf91589-39f4-4104-9856-3cb6c606255 lvm2 [457.75 GB / 0 free]

If only /dev/sd<x> device is displayed, you can confirm scsi id of that device by inspecting output of command.

ls –alh /dev/disk/by-id/


For example, if there is an iSCSI device with scsi id of “23237636464633731” and uuid “e79f14b6-055e-a166-42ce-bf535db5f285”, as seen in general tab of the SR in XenCenter, then the pvscan output for this SR is as follows.

PV /dev/mapper/23237636464633731 VG VG_XenStorage-e79f14b6-055e-a166-42ce-bf535db5f285 lvm2 [1.22 TB / 116.00 GB free]

However, when LVM has been tempered with, pvscan command may provide no output for that SR, or another Volume Group (VG_XenStorage-<different uuid>) name will be assigned to the PV on the expected scsi device.

Background

This problem can occur in following or similar cases:
  1. Storage has been accidentally mapped to another XenServer pool and/or PV and VG metadata has been removed or overwritten with new PV and VG information.
  2. LVM metadata has been removed with incorrect pv/vg commands executed on the host.

  3. Storage failure that caused corruption on the LUN affecting LVM metadata.

Related:

Can ICT scan and classify files in a NFS share?

I need a solution

Hello, 

there is a NetApp NFS file share that needs to be scanned and all the files classified (add meta data, visual tags, etc.) based on content. Can ICT connect to and scan NFS shares hosted on NetApp? would it need DLP Network Discover to perform the scanning? I know Network Discover is supposed to be abel to connect to and scan NFS shared, but I have never done it. 

Thanks,

0

Related:

Disk image create and restore issue

I need a solution

Hello, I have a Windows Server 2012 R2 server with GSS 3.3 installed. Client computer OS is Windows 10, Disk Management looks like attached image “disk_management.png”. In diskpart concole the disk and partition information looks like attached image “diskpart.png”
In GSS console:
Create image job command: -CLONE,MODE=CREATE,SRC=2,DST=%IMAGE_FILENAME% -SURE -SPLIT=0 -Z3
Image location: 1:2ImagesImage.gho
Restore image command: -CLONE,MODE=RESTORE,SRC=%IMAGE_FILENAME%,DST=2 -sure
Image location: 1:2ImagesImage.gho

Questions:
1. To create image, if image location set to D:Imagesimage.gho, the job seems never complete, status is keeping “Uploading disk image…” unless I delete the job manually. If image location set to 1:2xxxx.gho, the job completed successfully. Why this happens?
2. Restore image not work with above ghost command, the warning message is “The Drive number selected for deploying an image connot be same as the Drive number on which the image is stored.” Anything wrong in the restore command? Please advise.

0

Related:

Ghost Image of System in RST UEFI from USB Boot

I need a solution

Hello, I’ve been using Ghost to image my personal machines for about 20 years. I simply boot off the CD and create backups to another drive, and restore in the same fashion. Now I just bought a new laptop, that doesn’t have a CD drive. So I created a bootable USB, which works on my older machines, but not the new laptop. The laptop bios settings include:  storage controller RST mode (not entirely sure why this laptop requires this), boot mode UEFI (can’t go to Legacy boot mode in RST), and USB boot enabled. I’ve tried multiple different settings and the laptop just will not bring up the USB in the boot menu. I tried taking the SSD out to put it in my old machine, but then realized it’s not SATA (it’s NVMe PCIe).

So can someone please enlighten me on how best create a Ghost image of this hard drive? Many thanks in advance!

0

Related:

Dell EMC Isilon Enhancements Embrace Cloud, Support Kubernetes and Reduce Storage Footprint

What a month this has been for Dell EMC Isilon! Not only are we announcing some pretty powerful innovations, we also won a Technology & Engineering Emmy® Award this month. Isilon and OneFS have made a powerful impact on the media and entertainment industry and we have been able to empower organizations to take control of their unstructured data and drive change. According to Gartner, “By 2024 enterprises will triple their unstructured data stored as file or object storage from what they have in 2019.”* As data continues to grow at this unrelenting pace, it is … READ MORE

Related:

Not seeing OS partition when selecting disk to create image

I need a solution

Not sure exactly where to look for help on this so that is why I am posting here. I am using ghostcast server version 12.0.0.10618 and am having difficulties imaging a new windows 10 laptop. Before we had laptops that allowed Legacy boot options and we were able to create an image no problem for those. However we now have a few new ones that only allow UEFI boot which may possibly be the issue I am having. So I syspreped my machine and that went fine but when I boot to a usb disk with UEFI on the client and get to the point of selecting a my disk, the size of the drive is only 150MB. The drive is an SSD that is 256GB. For some reason it is not seeing the full disk only a small parition of it. Does anyone know if this is due to using UEFI or some other reason? ANy help on this would be appreciated. Thanks.

0

Related: