Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability

A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. 

The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-usb-guestshell-WmevScDj

Security Impact Rating: Medium

CVE: CVE-2020-3396

Related:

  • No Related Posts

Ghost Image of System in RST UEFI from USB Boot

I need a solution

Hello, I’ve been using Ghost to image my personal machines for about 20 years. I simply boot off the CD and create backups to another drive, and restore in the same fashion. Now I just bought a new laptop, that doesn’t have a CD drive. So I created a bootable USB, which works on my older machines, but not the new laptop. The laptop bios settings include:  storage controller RST mode (not entirely sure why this laptop requires this), boot mode UEFI (can’t go to Legacy boot mode in RST), and USB boot enabled. I’ve tried multiple different settings and the laptop just will not bring up the USB in the boot menu. I tried taking the SSD out to put it in my old machine, but then realized it’s not SATA (it’s NVMe PCIe).

So can someone please enlighten me on how best create a Ghost image of this hard drive? Many thanks in advance!

0

Related:

Not seeing OS partition when selecting disk to create image

I need a solution

Not sure exactly where to look for help on this so that is why I am posting here. I am using ghostcast server version 12.0.0.10618 and am having difficulties imaging a new windows 10 laptop. Before we had laptops that allowed Legacy boot options and we were able to create an image no problem for those. However we now have a few new ones that only allow UEFI boot which may possibly be the issue I am having. So I syspreped my machine and that went fine but when I boot to a usb disk with UEFI on the client and get to the point of selecting a my disk, the size of the drive is only 150MB. The drive is an SSD that is 256GB. For some reason it is not seeing the full disk only a small parition of it. Does anyone know if this is due to using UEFI or some other reason? ANy help on this would be appreciated. Thanks.

0

Related:

psfs Failed to validate log

I need a solution

Hello All,

I recently faced an issue with my Laptop running Windows 8.1.

I believe it came from leaving a bootable USB Stick inserted while the machine went to sleep.

However, after getting it woken up by pressing the power button once it came up with a Windows Screen telling (picture1):

***

Recovery

Your PC needs to be repaired

A required device isn’t connected or can’ be accessed.

Error code: 0xc000000e

You’ll need to use the recovery tools on your installation media. If you don’t have any installation media (like s disc or USB device), contact your system administrator or PC manufacturer.

Press Enter to try again

Press F8 for Startup Settings

***

Unfortunately neither “Enter” nor F8 offerns anything but the screen above.

I sticked to the Preboot Execution Menu, selected “Log Files” and found that there might be something wrong around data integrity (picture2).

Is there any way to convince the software to let the Laptop start?

My understanding is that the Endpoint Protection is not operating as expected leaving the Filesystem unreadable for Windows, resulting inthat screen for recovery.

It would be most appreciated if someone could point me to where to go with that. I at least need to copy some data off that SSD, I don’t mind for a full OS re-install later on.

MANY THANKS IN ADVANCE!

Cheers

Chris

0

1571682707

Related:

Installation fails

I need a solution

Hey guys,

for testing purposes I want to Install the Trial Version of the Client Management Suiteon a VM.

The VM looks as follows:

8 Processor Cores (host got an i7-8750H)
12Gb RAM
300Gb HDD (SSD on Host)
Windows Server 2016

I already have a virtual environment into which I want to integrate the Suite to evaluate some functions. Unfortunately, the Installation always runs into a “Critical Failure” during the confuguration at step 6 “Pre-Configuration”

Here is a screenshot of the message (unfortunately in german, hope it helps you anyway)

error message

I was searching a bit and it may be related to IIS. The installation pre-requisites states everything is fine, just gives a warning because I am using SQL Server 2016 Express (which is enough for my purpose).

If you guys have any ideas on how to fix it I’d appreciate it. If you need any further information I will try to provide it.

Thanks in advance.

0

Related:

  • No Related Posts

High resource utilization by ccsvchst.exe

I need a solution

Hi,

I have implemented SEPM 14.2 RU1 – 14.2.3335.1000 at one of my client place. They initially has laptops with SSD where the SEP was installed and working as expected. Recently on few laptops they made a combination of SSD + HDD post which there is a high resource spike even the system is idle.

Can anyone suggest me on what needs to be done to pin-point the issue and resolve it?

0

Related:

Ghost error during restoring

I need a solution

Good morning, Inside the company i work for we got many cnc siemens machines with a pc windows 7 and the ghost suite integrated. After a blackuot i made a backup of the 2 partitions contained inside the ssd and after that i tried to restore an old partition backup. Here i made an error, i pressed restore entire hdd and i choose the partition file. After 2 seconds i got an error from the ghost console. Now, i got the hdd without anything inside. I think the procedure canceled some configuration files but no real files. Windows does not start and during the boot up i only got a black screen. Do you know any way to try to recover the hdd?

0

Related:

  • No Related Posts

Could not add user account with NVME SSD in Symantec Endpoint Encryption 11.2.0/11.2.1.

I need a solution

After finishing SSE Client installation, can not find the windows user account and could not add new user account. Please refer to the attahced picture.

Could you help to confirm if it can support NVME SSD Encryption or not?

Thank you very much.

OS: RS5, 19H1

Platform: Intel WHL, CML

Isolation: HDD, M.2 SSD are ok

Symantec Endpoint Encryption version: 11.2.0MP1HF1, 11.2.1MP1

0

Related:

An Enterprise SSD Fairytale: Finding the Solution That’s Just Right

One of my favorite childhood fairytales was Goldilocks and the Three Bears. We can all relate to Goldilocks in the pursuit of finding just the right fit, especially when it comes to choosing between enterprise SSDs. It can be difficult to make the right choice when confronted with too many options, or too few options. When choosing your Dell EMC PowerEdge server enterprise SSD, it is important to find just the right amount of performance, latency, and reliability, at the right price. You want enough performance for your specific applications but may not need the top … READ MORE

Related:

SEE Client Administrator/Management Agent shows no internal drives when Disk 0 is unallocated

I do not need a solution (just sharing information)

The SEE Client Administrator and SEE Management Agent will both show no internal drives if Disk 0 is unallocated (unformated) in a system with two or more drives. I have an HP ZBook 15 that came with an internal 256 GB M.2 PCI-E SSD. That drive proved to be too small for my needs so I installed an additional 1 TB SATA SSD. I left the M.2 drive in the laptop when I added the new SSD. Disk Management shows the 256 GB SSD as Disk 0 (Unallocated) and the 1 TB SSD as Disk 1. Windows 10 1809 is installed on Disk 1. If I create a new simple volume on Disk 0 and then launch either the SEE Client Administrator or SEE Management Agent I will see both Disk 0 and DIsk 1 displayed. If I delete the volume on Disk 0, the SEE Client Administrator and SEE Management Agent will both fail to show any internal drives. This was tested with both Symantec Endpoint Encryption 11.2.1 and 11.2.1 MP1. I was able to verify that Disk 1 is in fact encrypted with the following command.

C:Program FilesSymantecEndpoint Encryption ClientsDrive Encryption>eedadmincli.exe –status

0

Related:

  • No Related Posts