All the vulnerabilites related to cisco - nexus_5010p_switch
Vulnerability from fkie_nvd
Published
2017-10-19 08:29
Modified
2024-11-21 03:09
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198.
References
ykramarz@cisco.comhttp://www.securitytracker.com/id/1039622Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppeVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039622Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppeVendor Advisory
Impacted products
Vendor Product Version
cisco nx-os 7.0\(3\)i4\(6\)
cisco nx-os 8.1\(0\)bd\(0.20\)
cisco multilayer_director -
cisco nexus_2000 -
cisco nexus_3048 -
cisco nexus_3064 -
cisco nexus_3064t -
cisco nexus_3064x -
cisco nexus_3500 -
cisco nexus_3524 -
cisco nexus_3548 -
cisco nexus_5500 -
cisco nexus_5548p -
cisco nexus_5548up -
cisco nexus_5596t -
cisco nexus_5596up -
cisco nexus_5600 -
cisco nexus_56128p -
cisco nexus_5624q -
cisco nexus_5648q -
cisco nexus_5672up -
cisco nexus_5696q -
cisco nexus_6000 -
cisco nexus_6001 -
cisco nexus_6004 -
cisco nexus_6004x -
cisco nexus_7000 -
cisco nexus_7000_10-slot -
cisco nexus_7000_18-slot -
cisco nexus_7000_9-slot -
cisco nexus_7700 -
cisco nexus_9000 -
cisco nexus_9500_r -
cisco nx-os 7.3\(2\)d1\(0.21\)
cisco nx-os 8.0\(0.74\)
cisco nx-os 8.0\(1\)
cisco nx-os 8.1\(0.70\)s0
cisco nexus_7000 -
cisco nexus_7000_10-slot -
cisco nexus_7000_18-slot -
cisco nexus_7000_9-slot -
cisco nx-os 6.0\(2\)a8\(3\)
cisco nx-os 6.0\(2\)a8\(6.213\)
cisco nx-os 8.1\(0\)bd\(0.20\)
cisco nexus_3000 -
cisco nexus_3016 -
cisco nexus_3016q -
cisco nexus_3048 -
cisco nexus_3064 -
cisco nexus_3064t -
cisco nexus_3064x -
cisco nx-os 7.0\(0\)hsk\(0.357\)
cisco nexus_5000 -
cisco nexus_5010 -
cisco nexus_5010p_switch -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i4\\(6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F0DA113F-3706-4FF3-88F9-5D3CD48F8CE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1\\(0\\)bd\\(0.20\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F66360CD-CCCF-4DE7-86F1-996175B4503C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:multilayer_director:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0D93AC-2631-40CB-97CD-E50FD12958F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB2FDB70-C681-4927-97F4-2B466E718859",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC8699E-81C0-4374-B827-71B3916B910D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B129B2-2B31-4DE0-9F83-CC6E0C8729A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBD3CD0-B542-4B23-9C9D-061643BE44E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F557E38-09F6-42C6-BABA-3C3168B38BBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6004x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F182AD1-6E51-456A-A8F7-8F3B92DBE4D0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9500_r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE07E8D4-376D-4341-A656-F8440368A8A9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.3\\(2\\)d1\\(0.21\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0B5A0215-EC63-4DCD-842A-106225F3CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.0\\(0.74\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E79EFE75-8674-4D5D-892F-D24A8D43098A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9C83E090-7C99-465A-A477-C2949B137720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1\\(0.70\\)s0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC6B471-BE9B-4301-BEE7-3FF50DC94937",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "310856A9-CA62-4C1A-A4C9-B6EECC36F496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(6.213\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "17B9D603-75C0-4241-BD4B-3C891A2C5BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1\\(0\\)bd\\(0.20\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F66360CD-CCCF-4DE7-86F1-996175B4503C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(0\\)hsk\\(0.357\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EE7BCA11-7B09-43A3-A589-59D48402F564",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2B1E07-8519-4F58-9048-81ABA12E01DC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1E96B-1927-42DC-A47B-5632CED2D40F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el subsistema de scripting en Python del software Cisco NX-OS podr\u00eda permitir que un atacante local sin autenticar escape el analizador Python y obtenga acceso no autorizado al sistema operativo del dispositivo. La vulnerabilidad existe debido a la sanitizaci\u00f3n insuficiente de par\u00e1metros proporcionados por el usuario que se pasan a ciertas funciones Python en la sandbox de scripting del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad para escapar la sandbox de scripting y ejecutar comandos arbitrarios en el sistema operativo en el que se ejecuta con los privilegios de un usuario autenticado. Para explotar esta vulnerabilidad, un atacante debe tener acceso local y estar autenticado en el dispositivo objetivo del ataque con privilegios de administrador o de ejecuci\u00f3n de Python. Estos requisitos podr\u00edan limitar la posibilidad de que un exploit tenga \u00e9xito. Esta vulnerabilidad afecta a los siguientes productos de Cisco que ejecutan el software Cisco NX-OS: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards y Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198."
    }
  ],
  "id": "CVE-2017-12301",
  "lastModified": "2024-11-21T03:09:15.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T08:29:00.733",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039622"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-19 08:29
Modified
2024-11-21 03:26
Severity ?
8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/101493Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1039614Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavtyVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101493Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039614Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavtyVendor Advisory
Impacted products
Vendor Product Version
cisco firepower_extensible_operating_system *
cisco firepower_4100 -
cisco fxos 2.3
cisco firepower_9300 -
cisco nx-os 5.2
cisco nx-os 6.2
cisco nx-os 6.3
cisco nx-os 7.3
cisco nx-os 8.1
cisco nx-os 8.2
cisco mds_9000 -
cisco nx-os *
cisco nx-os 5.2
cisco nexus_1000v -
cisco nexus_1100v -
cisco nx-os *
cisco nx-os 7.0
cisco nexus_3000 -
cisco nexus_3016 -
cisco nexus_3016q -
cisco nexus_3048 -
cisco nexus_3064 -
cisco nexus_3064t -
cisco nexus_3064x -
cisco nx-os 7.0\(3\)i3\(1\)
cisco nexus_3500 -
cisco nexus_3524 -
cisco nexus_3548 -
cisco nx-os *
cisco nexus_2000 -
cisco nexus_5000 -
cisco nexus_5010 -
cisco nexus_5010p_switch -
cisco nexus_5500 -
cisco nexus_5548p -
cisco nexus_5548up -
cisco nexus_5596t -
cisco nexus_5596up -
cisco nexus_5600 -
cisco nexus_56128p -
cisco nexus_5624q -
cisco nexus_5648q -
cisco nexus_5672up -
cisco nexus_5696q -
cisco nexus_6000 -
cisco nexus_6001 -
cisco nexus_6004 -
cisco nexus_6004x -
cisco nx-os 7.1\(0.1\)
cisco nexus_7000 -
cisco nexus_7000_10-slot -
cisco nexus_7000_18-slot -
cisco nexus_7000_9-slot -
cisco nexus_7700 -
cisco nx-os 6.1
cisco nx-os 7.0
cisco nexus_9000 -
cisco nx-os 7.0
cisco 9500_r -
cisco nx-os *
cisco nx-os 2.5
cisco nx-os 3.0
cisco nx-os 3.1
cisco nx-os 3.2
cisco ucs_6100 -
cisco ucs_6200 -
cisco ucs_6300 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF74CE3-3B64-48C8-B93C-6435EE737049",
              "versionEndIncluding": "2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E9552E6-0B9B-4B32-BE79-90D4E3887A7B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:fxos:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22ED1121-D317-4CD9-9333-0E0C00687ED9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "258F95C6-34C6-489D-95E0-5E90DAA518CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF1AF20-C6CE-4956-8129-FA68E3B03E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2916F0FF-F34C-45FD-8628-63030D166FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9501608B-3811-4C33-BDA1-721045284C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F363BEDD-A8AC-4FB6-87DC-708F97F8375E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E40D9097-C95A-4813-9DEE-89CA75820524",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD00AB9-F2DD-4D07-8DFF-E7B34824D66A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF681A9-9991-4994-88DD-A1DC5BE0F4C5",
              "versionEndIncluding": "4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "258F95C6-34C6-489D-95E0-5E90DAA518CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E705638-8D0A-40D6-9A51-4FDB6C03F71E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1100v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFC494B-ADBB-43FA-8A8C-58C5BE5CFAE0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CEDB8CD-7E33-490C-A75A-E70E73B68ADD",
              "versionEndIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DD5791-E4D3-475C-84B0-E642ACFC5EB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FFC5E8-CC5A-4D31-A63A-19E72EC442AB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DBAC49A1-91FC-4D55-BD74-42C918CCFDC9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4832A094-92DB-402F-AF05-34B3A7C7CA0E",
              "versionEndIncluding": "5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB2FDB70-C681-4927-97F4-2B466E718859",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2B1E07-8519-4F58-9048-81ABA12E01DC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1E96B-1927-42DC-A47B-5632CED2D40F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC8699E-81C0-4374-B827-71B3916B910D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "870F4379-68F6-4B34-B99B-107DFE0DBD63",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B129B2-2B31-4DE0-9F83-CC6E0C8729A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBD3CD0-B542-4B23-9C9D-061643BE44E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A58223F-3B15-420B-A6D4-841451CF0380",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F557E38-09F6-42C6-BABA-3C3168B38BBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6004x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F182AD1-6E51-456A-A8F7-8F3B92DBE4D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.1\\(0.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9BC24B-BEB3-4D55-93C8-8334B8BC0BC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FED959-8185-46B8-863E-1C29B2B6D729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DD5791-E4D3-475C-84B0-E642ACFC5EB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBEBA5B-5589-417B-BF3B-976083E9FE54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DD5791-E4D3-475C-84B0-E642ACFC5EB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:9500_r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE36419-D07D-404F-A6B7-E482A4D8462A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C20C0402-5039-4898-B401-E2269747A169",
              "versionEndIncluding": "2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EE7313-8FF9-4D23-B5BB-373B98FF664C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AA3ABB8-F62E-4343-B445-7CE99B523918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0037167E-8F61-4481-B19C-93509C524353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B13F63-BD27-4CEF-8AAB-C5B26B9C78AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ucs_6100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "337F7900-D4F9-433A-9501-763EBAB48744",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_6200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0B96E5C-CC27-4020-93CE-413B95DCABB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ucs_6300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6BCF41B-A617-4563-8D14-E906411354FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n de autenticaci\u00f3n, autorizaci\u00f3n y contabilidad (AAA) de Cisco Firepower Extensible Operating System (FXOS) y NX-OS System Software podr\u00eda permitir que un atacante remoto no autenticado provoque que un dispositivo afectado vuelva a cargar. Esta vulnerabilidad ocurre porque los procesos de AAA evitan que el System Manager de NX-OS reciba mensajes de keepalive cuando un dispositivo afectado recibe una alta tasa de intentos de inicio de sesi\u00f3n, como en el caso de un ataque de inicio de sesi\u00f3n por fuerza bruta. La memoria del sistema puede ser insuficiente en los dispositivos FXOS bajo las mismas condiciones, lo que puede causar que el proceso AAA se reinicie de manera inesperada o que el dispositivo se vuelva a cargar. Un atacante podr\u00eda explotar esta vulnerabilidad realizando un ataque de inicio de sesi\u00f3n por fuerza bruta contra un dispositivo que est\u00e1 configurado con servicios de seguridad AAA. Un exploit con \u00e9xito podr\u00eda permitir que el atacante consiga que el dispositivo afectado se vuelva a cargar. Esta vulnerabilidad afecta a los siguientes productos de Cisco que ejecutan Cisco FXOS o NX-OS System Software que est\u00e9 configurado para servicios AAA: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660."
    }
  ],
  "id": "CVE-2017-3883",
  "lastModified": "2024-11-21T03:26:18.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-19T08:29:00.950",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101493"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039614"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03846en_us"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03846en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-19 11:16
Modified
2024-11-21 02:07
Severity ?
Summary
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=35338Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/69266
ykramarz@cisco.comhttp://www.securitytracker.com/id/1030746
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/95329
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=35338Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/69266
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030746
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/95329
Impacted products
Vendor Product Version
cisco nx-os *
cisco nx-os 5.0\(2\)n1\(1\)
cisco nx-os 5.0\(2\)n2\(1\)
cisco nx-os 5.0\(2\)n2\(1a\)
cisco nx-os 5.0\(3\)n1\(1c\)
cisco nx-os 5.0\(3\)n2\(1\)
cisco nx-os 5.0\(3\)n2\(2\)
cisco nx-os 5.0\(3\)n2\(2a\)
cisco nx-os 5.0\(3\)n2\(2b\)
cisco nx-os 5.1\(3\)n1\(1\)
cisco nx-os 5.1\(3\)n1\(1a\)
cisco nx-os 5.1\(3\)n2\(1\)
cisco nx-os 5.1\(3\)n2\(1a\)
cisco nx-os 5.1\(3\)n2\(1b\)
cisco nx-os 5.1\(3\)n2\(1c\)
cisco nx-os 5.2\(1\)n1\(1\)
cisco nx-os 5.2\(1\)n1\(1a\)
cisco nx-os 5.2\(1\)n1\(1b\)
cisco nx-os 5.2\(1\)n1\(2\)
cisco nx-os 5.2\(1\)n1\(2a\)
cisco nx-os 5.2\(1\)n1\(3\)
cisco nx-os 5.2\(1\)n1\(4\)
cisco nx-os 5.2\(1\)n1\(5\)
cisco nx-os 5.2\(1\)n1\(6\)
cisco nx-os 5.2\(1\)n1\(7\)
cisco nx-os 5.2\(1\)n1\(8\)
cisco nx-os 5.2\(1\)n1\(8a\)
cisco nx-os 6.0\(2\)n1\(2\)
cisco nx-os 6.0\(2\)n1\(2a\)
cisco nx-os 6.0\(2\)n2\(1\)
cisco nx-os 6.0\(2\)n2\(1b\)
cisco nx-os 6.0\(2\)n2\(2\)
cisco nx-os 6.0\(2\)n2\(3\)
cisco nx-os 6.0\(2\)n2\(4\)
cisco nx-os 6.0\(2\)n2\(5\)
cisco nx-os 7.0\(0\)n1\(1\)
cisco nx-os 7.0\(1\)n1\(1\)
cisco nx-os 7.0\(2\)n1\(1\)
cisco nexus_5000 -
cisco nexus_5010 -
cisco nexus_5010p_switch -
cisco nexus_5020 -
cisco nexus_5020p_switch -
cisco nexus_5548p -
cisco nexus_5548up -
cisco nexus_5596t -
cisco nexus_5596up -
cisco nexus_56128p -
cisco nexus_5672up -
cisco nx-os *
cisco nx-os 6.0\(2\)n1\(2\)
cisco nx-os 6.0\(2\)n1\(2a\)
cisco nx-os 6.0\(2\)n2\(1\)
cisco nx-os 6.0\(2\)n2\(1b\)
cisco nx-os 6.0\(2\)n2\(2\)
cisco nx-os 6.0\(2\)n2\(3\)
cisco nx-os 6.0\(2\)n2\(4\)
cisco nx-os 6.0\(2\)n2\(5\)
cisco nx-os 7.0\(0\)n1\(1\)
cisco nx-os 7.0\(1\)n1\(1\)
cisco nx-os 7.0\(2\)n1\(1\)
cisco nexus_6001 -
cisco nexus_6004 -
cisco nexus_6004x -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A261E6C-DF59-4D38-8BAF-FADA08B8011E",
              "versionEndIncluding": "7.0\\(3\\)n1\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69DC16-8793-4A50-B901-2BDBE007405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "392B8209-689D-4EFB-8B8E-04910EEB38AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8595D2-710F-4C09-BEA4-A3D81C2269A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B91092-DE54-4591-9C0F-A22A04AB71E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE1F177-8952-4ECE-9E7D-5DB17895148A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D95D0F4E-944D-4AB8-B316-7842CB1F9C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7856BA8B-4959-4FC2-AF4F-747FCFCC8EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3A402251-E36D-4DD1-8DE9-6DA025CBECEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(3\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "99F6A4FB-A7C4-48C8-AEE4-584DE5A7D57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(3\\)n1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3BE66A-77B5-4808-BFFC-26B6A77F048F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(3\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "460A7B6A-C923-4D1A-89D4-3F46FE94D003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(3\\)n2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "74CE3C35-D73A-4FB9-B061-B8A65F84F927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(3\\)n2\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E0B7CF-91B6-4E49-A763-65A2EEED5C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(3\\)n2\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30AA1C60-38DC-44E2-A4D8-0F290DA8D83C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "757A0C8E-4817-41DD-A609-2B61C36DBBCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3AECFED5-8D06-4396-BDD2-AAA0F5241839",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "772A297E-E323-4D2D-9129-6C4FC63643DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "149ABB41-A8FF-4A8F-888E-F27BDAAE9C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6918EB91-679A-4F47-BB9E-3A22287F14FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A0464AAE-73CF-4B24-A5CE-5C1131909CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "68376361-C835-4552-8490-553C9A082615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "270620E3-92B7-4914-88C7-9D955B2B856E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E48600-FD20-4743-A3E8-AD5297164551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(7\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4A10C1B6-616E-4F94-8889-9C99906326D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(8\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "01A091A5-2848-4901-B193-1EC9DD8A52E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)n1\\(8a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "380FEA27-D68C-48DA-B2B9-4A3B3A71B059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7EACF481-3E4B-4580-8AE7-3D49790E0715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "698ABD3F-C9DE-4376-B57A-D05AEDCD9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5010EDAE-67BB-4E23-B0F5-10096A7DAB54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84CF5114-731F-4BF4-83E0-9B095C34541C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4750621F-E7C5-4E6A-BC5F-232E75A454E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "08F35A63-9343-47D6-AB91-37AB148137E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CADBDD1D-DA17-40EE-8B23-81E9991387DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A623F8E1-B97B-41DD-947F-7E1B65DD6902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(0\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FD613D8F-099C-43A1-BD29-A98250E1334A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(1\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "576B74DF-9527-4931-B1A3-8FEE1DB1AD99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(2\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AA5B4FA9-E550-4C69-A4E7-A989BBCCF22E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2B1E07-8519-4F58-9048-81ABA12E01DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1E96B-1927-42DC-A47B-5632CED2D40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7F5823-41A8-47C8-A154-02C6C31EF76A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5020p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0737BA36-75AB-478D-9001-3DA3E49C6F00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A261E6C-DF59-4D38-8BAF-FADA08B8011E",
              "versionEndIncluding": "7.0\\(3\\)n1\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7EACF481-3E4B-4580-8AE7-3D49790E0715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "698ABD3F-C9DE-4376-B57A-D05AEDCD9A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5010EDAE-67BB-4E23-B0F5-10096A7DAB54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84CF5114-731F-4BF4-83E0-9B095C34541C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4750621F-E7C5-4E6A-BC5F-232E75A454E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "08F35A63-9343-47D6-AB91-37AB148137E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CADBDD1D-DA17-40EE-8B23-81E9991387DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)n2\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A623F8E1-B97B-41DD-947F-7E1B65DD6902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(0\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FD613D8F-099C-43A1-BD29-A98250E1334A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(1\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "576B74DF-9527-4931-B1A3-8FEE1DB1AD99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(2\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AA5B4FA9-E550-4C69-A4E7-A989BBCCF22E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F557E38-09F6-42C6-BABA-3C3168B38BBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_6004x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F182AD1-6E51-456A-A8F7-8F3B92DBE4D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo SNMP en Cisco NX-OS 7.0(3)N1(1) y anteriores en los dispositivos Nexus 5000 y 6000 proporciona mensajes de error diferentes para solicitudes inv\u00e1lidas dependiendo de si existe el ID VLAN, lo que permite a atacantes remotos enumerar VLANs a trav\u00e9s de una serie de solicitudes, tambi\u00e9n conocido como Bug ID CSCup85616."
    }
  ],
  "id": "CVE-2014-3341",
  "lastModified": "2024-11-21T02:07:54.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-19T11:16:58.540",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/69266"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1030746"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95329"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 00:25
Modified
2024-11-21 02:07
Severity ?
Summary
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxosVendor Advisory
Impacted products
Vendor Product Version
cisco unified_computing_system_6120xp_fabric_interconnect -
cisco unified_computing_system_6140xp_fabric_interconnect -
cisco unified_computing_system_6248up_fabric_interconnect -
cisco unified_computing_system_6296up_fabric_interconnect -
cisco unified_computing_system_infrastructure_and_unified_computing_system_software 1.4\(1j\)
cisco cg-os cg4
cisco cg-os cg4\(1\)
cisco cgr_1120 -
cisco cgr_1240 -
cisco nx-os 5.2
cisco nx-os 5.2\(1\)
cisco nx-os 5.2\(3\)
cisco nexus_7000 -
cisco nexus_7000_10-slot -
cisco nexus_7000_18-slot -
cisco nexus_7000_9-slot -
cisco nx-os -
cisco nx-os 5.0
cisco nx-os 5.0\(2\)
cisco nx-os 5.0\(2\)n1\(1\)
cisco nx-os 5.0\(2\)n2\(1\)
cisco nx-os 5.0\(2\)n2\(1a\)
cisco nx-os 5.0\(2a\)
cisco nx-os 5.0\(3\)
cisco nx-os 5.0\(3\)n1\(1\)
cisco nx-os 5.0\(3\)n1\(1a\)
cisco nx-os 5.0\(3\)n1\(1b\)
cisco nx-os 5.0\(3\)n1\(1c\)
cisco nx-os 5.0\(3\)n2\(1\)
cisco nx-os 5.0\(3\)n2\(2\)
cisco nx-os 5.0\(3\)n2\(2a\)
cisco nx-os 5.0\(3\)n2\(2b\)
cisco nx-os 5.0\(3\)u1\(1a\)
cisco nx-os 5.0\(3\)u1\(1b\)
cisco nx-os 5.0\(3\)u1\(1d\)
cisco nx-os 5.0\(3\)u1\(2\)
cisco nx-os 5.0\(3\)u1\(2a\)
cisco nx-os 5.0\(3\)u2\(1\)
cisco unified_computing_system_infrastructure_and_unified_computing_system_software 1.4\(1j\)
cisco nexus_3016q -
cisco nexus_3048 -
cisco nexus_3064t -
cisco nexus_3064x -
cisco nexus_3548 -
cisco nx-os 5.0
cisco nx-os 5.0\(2\)
cisco nx-os 5.0\(2\)n1\(1\)
cisco nx-os 5.0\(2\)n2\(1\)
cisco nx-os 5.0\(2\)n2\(1a\)
cisco nx-os 5.0\(2a\)
cisco nx-os 5.0\(3\)
cisco nx-os 5.0\(3\)n1\(1\)
cisco nx-os 5.0\(3\)n1\(1a\)
cisco nx-os 5.0\(3\)n1\(1b\)
cisco nx-os 5.0\(3\)n1\(1c\)
cisco nx-os 5.0\(3\)n2\(1\)
cisco nx-os 5.0\(3\)n2\(2\)
cisco nx-os 5.0\(3\)n2\(2a\)
cisco nx-os 5.0\(3\)n2\(2b\)
cisco nx-os 5.0\(3\)u1\(1a\)
cisco nx-os 5.0\(3\)u1\(1b\)
cisco nx-os 5.0\(3\)u1\(1d\)
cisco nx-os 5.0\(3\)u1\(2\)
cisco nx-os 5.0\(3\)u1\(2a\)
cisco nx-os 5.0\(3\)u2\(1\)
cisco nx-os 5.0\(3\)u2\(2\)
cisco nx-os 5.0\(3\)u2\(2a\)
cisco nx-os 5.0\(3\)u2\(2b\)
cisco nx-os 5.0\(3\)u2\(2c\)
cisco nx-os 5.0\(3\)u2\(2d\)
cisco nx-os 5.0\(3\)u3\(1\)
cisco nx-os 5.0\(3\)u3\(2\)
cisco nx-os 5.0\(3\)u3\(2a\)
cisco nx-os 5.0\(3\)u3\(2b\)
cisco nx-os 5.0\(3\)u4\(1\)
cisco nx-os 5.0\(3\)u5\(1\)
cisco nx-os 5.0\(3\)u5\(1a\)
cisco nx-os 5.0\(3\)u5\(1b\)
cisco nx-os 5.0\(3\)u5\(1c\)
cisco nx-os 5.0\(3\)u5\(1d\)
cisco nx-os 5.0\(3\)u5\(1e\)
cisco nx-os 5.0\(5\)
cisco nx-os 5.1
cisco nx-os 5.1\(1\)
cisco nx-os 5.1\(1a\)
cisco nx-os 5.1\(2\)
cisco nx-os 5.1\(3\)
cisco nexus_5000 -
cisco nexus_5010 -
cisco nexus_5010p_switch -
cisco nexus_5020 -
cisco nexus_5020p_switch -
cisco nexus_5548p -
cisco nexus_5548up -
cisco nexus_5596up -
cisco nx-os 4.1.\(2\)
cisco nexus_4001i -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_computing_system_6120xp_fabric_interconnect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "908F8E5E-9BC4-4682-8C25-C07DB032A18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_computing_system_6140xp_fabric_interconnect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F5E053-2C45-43F0-8A86-FB3C4C0B04E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_computing_system_6248up_fabric_interconnect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6584DF3-E466-49BE-B4D8-3E249B7816F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_computing_system_6296up_fabric_interconnect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18DD763C-BBA6-48EC-9CFF-A5F0DEF85756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1j\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC44EDC-9AA3-4DAF-934E-5E36683EBAB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:cg-os:cg4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB8BB917-C330-4439-825A-3E05B69DDFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:cg-os:cg4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "788D020C-DFD1-43E5-A4FF-48E6003FEC0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:cgr_1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1119E8B9-53A3-4724-9EEB-F4A35F9F59E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:cgr_1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4089B3FB-EC0D-408D-A75E-942E23BECB72",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "258F95C6-34C6-489D-95E0-5E90DAA518CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5F179FBC-22BE-4C44-AAE0-866F1D6B1270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BB17004B-E1FE-4BE6-89A3-43AC2D967000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA35D4AA-24B3-428E-84ED-804EF941E9A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C39522F-401B-4510-B8AD-B57D757D60AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "86A917F0-05BF-4F01-8DFC-685E65BF65C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69DC16-8793-4A50-B901-2BDBE007405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "392B8209-689D-4EFB-8B8E-04910EEB38AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8595D2-710F-4C09-BEA4-A3D81C2269A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C6753978-267E-4398-A1F7-96C37B5C8600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "16131960-37FE-4154-A82C-E3249B066DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5537B6-54D4-40F1-98F4-D6E6AE91F203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DC4F29-94D4-4D71-9D40-CD1E6C6D5A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1280802D-3B3B-401B-B6ED-2D940B9A94A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B91092-DE54-4591-9C0F-A22A04AB71E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE1F177-8952-4ECE-9E7D-5DB17895148A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D95D0F4E-944D-4AB8-B316-7842CB1F9C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7856BA8B-4959-4FC2-AF4F-747FCFCC8EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3A402251-E36D-4DD1-8DE9-6DA025CBECEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C124BA-D5FC-422A-B3F4-AC1A41B7EEE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F358E8D0-624B-412A-8726-B8AF96156317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "17A4CE07-64FF-4C5C-81FF-A2388818CF7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AFDC9595-39D4-4BF8-AF18-D27A500C9007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7241BFDB-6386-4CBE-ACFB-4599EDE9CB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF7CE90-9433-4E1D-A2AD-0B8854521CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1j\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC44EDC-9AA3-4DAF-934E-5E36683EBAB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C39522F-401B-4510-B8AD-B57D757D60AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "86A917F0-05BF-4F01-8DFC-685E65BF65C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69DC16-8793-4A50-B901-2BDBE007405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "392B8209-689D-4EFB-8B8E-04910EEB38AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8595D2-710F-4C09-BEA4-A3D81C2269A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C6753978-267E-4398-A1F7-96C37B5C8600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "16131960-37FE-4154-A82C-E3249B066DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5537B6-54D4-40F1-98F4-D6E6AE91F203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DC4F29-94D4-4D71-9D40-CD1E6C6D5A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1280802D-3B3B-401B-B6ED-2D940B9A94A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B91092-DE54-4591-9C0F-A22A04AB71E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE1F177-8952-4ECE-9E7D-5DB17895148A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D95D0F4E-944D-4AB8-B316-7842CB1F9C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7856BA8B-4959-4FC2-AF4F-747FCFCC8EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3A402251-E36D-4DD1-8DE9-6DA025CBECEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C124BA-D5FC-422A-B3F4-AC1A41B7EEE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F358E8D0-624B-412A-8726-B8AF96156317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "17A4CE07-64FF-4C5C-81FF-A2388818CF7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AFDC9595-39D4-4BF8-AF18-D27A500C9007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7241BFDB-6386-4CBE-ACFB-4599EDE9CB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF7CE90-9433-4E1D-A2AD-0B8854521CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "171160E9-F6B8-4C8A-B086-431E3E2A27BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9CAFAE6E-8B64-4A1F-A7E4-2D4BDFB7D5B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "91C35886-CB9B-4477-9AB3-9F1C9E45E757",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u2\\(2c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F393BE8-8CC4-4302-829F-2C4F97BAC14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u2\\(2d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CE855B3E-B2B8-4EBA-8303-55F6A5A77E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "641D651A-B85B-4E9E-BE92-35AFAE8A63A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7810F6FD-F58F-4121-9D30-8C5E3E163EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u3\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09C38DCD-2A5F-4095-ABA4-02E95D93C358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u3\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "103A4C19-0E91-45FC-9AA2-F40215FCF63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61C03B-D7AB-468A-B092-158730FB3E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F883AA8-CC44-4440-AB30-D7AC29C242F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u5\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7390B4D2-2121-4311-A798-337E8B777A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u5\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "924C6663-9EA0-4124-ACC6-0AFC649AEA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u5\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3C559C83-FB34-4B1A-A6B3-1834D6CD022C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u5\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F422D53-4FF4-43FB-8F62-D53393A8C038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)u5\\(1e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7CFFFE88-17EA-4515-BF71-C0AB82957B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3296D4-DA94-4E41-BAAF-CEC0E84BB498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF1FF08-9455-45A8-A1D4-C96988F79987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9B582362-FCFB-4D94-9C0E-2B7FD3F5340E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "93FF6E77-B7C2-4CBB-A8FE-1D6218BA330C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B1F984-396F-4468-99A4-93A0F0E4B170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5CAF2ADA-2C84-44EB-8893-0AB612AFF68F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2B1E07-8519-4F58-9048-81ABA12E01DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1E96B-1927-42DC-A47B-5632CED2D40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7F5823-41A8-47C8-A154-02C6C31EF76A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5020p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0737BA36-75AB-478D-9001-3DA3E49C6F00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:4.1.\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1702F4-816E-4045-80B6-2BC71DC344F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_4001i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB68FC53-5CD6-445F-9BB5-1F3724D92A4B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la implementaci\u00f3n Smart Call Home en Cisco NX-OS on Fabric Interconnects en Cisco Unified Computing System 1.4 anterior a 1.4(1i), NX-OS 5.0 anterior a 5.0(3)U2(2) en dispositivos Nexus 3000, NX-OS 4.1 anterior a 4.1(2)E1(1l) en dispositivos Nexus 4000, NX-OS 5.x anterior a 5.1(3)N1(1) en dispositivos Nexus 5000, NX-OS 5.2 anterior a 5.2(3a) en dispositivos Nexus 7000 y CG-OS CG4 anterior a CG4(2) en Connected 1000 Connected Grid Routers permite a servidores SMTP remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta manipulada, tambi\u00e9n conocido como Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405 y CSCuf61322."
    }
  ],
  "id": "CVE-2014-3261",
  "lastModified": "2024-11-21T02:07:44.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T00:25:32.220",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-04-25 10:55
Modified
2024-11-21 01:49
Severity ?
Summary
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdmVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdmVendor Advisory
Impacted products
Vendor Product Version
cisco adaptive_security_appliance_device_manager *
cisco adaptive_security_appliance_device_manager 5.0.1
cisco adaptive_security_appliance_device_manager 5.0.2
cisco adaptive_security_appliance_device_manager 5.0.4
cisco adaptive_security_appliance_device_manager 5.0.5
cisco adaptive_security_appliance_device_manager 5.0.6
cisco adaptive_security_appliance_device_manager 5.0.7
cisco adaptive_security_appliance_device_manager 5.0.8
cisco adaptive_security_appliance_device_manager 5.0.9
cisco adaptive_security_appliance_device_manager 5.1.1
cisco adaptive_security_appliance_device_manager 5.1.2
cisco adaptive_security_appliance_device_manager 5.2.1
cisco adaptive_security_appliance_device_manager 5.2.2
cisco adaptive_security_appliance_device_manager 5.2.3
cisco adaptive_security_appliance_device_manager 5.2.4
cisco nexus_5000 -
cisco nexus_5010 -
cisco nexus_5010p_switch -
cisco nexus_5020 -
cisco nexus_5020p_switch -
cisco nexus_5548p -
cisco nexus_5548up -
cisco nexus_5596up -
cisco adaptive_security_appliance_device_manager *
cisco adaptive_security_appliance_device_manager 5.0.1
cisco adaptive_security_appliance_device_manager 5.0.2
cisco adaptive_security_appliance_device_manager 5.0.4
cisco adaptive_security_appliance_device_manager 5.0.5
cisco adaptive_security_appliance_device_manager 5.0.6
cisco adaptive_security_appliance_device_manager 5.0.7
cisco adaptive_security_appliance_device_manager 5.0.8
cisco adaptive_security_appliance_device_manager 5.0.9
cisco adaptive_security_appliance_device_manager 5.1.1
cisco adaptive_security_appliance_device_manager 5.1.2
cisco adaptive_security_appliance_device_manager 5.2.1
cisco adaptive_security_appliance_device_manager 5.2.2
cisco adaptive_security_appliance_device_manager 5.2.3
cisco adaptive_security_appliance_device_manager 5.2.4
cisco mds_9000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FD6080-B82E-4DB6-A4DF-470FE996E07C",
              "versionEndIncluding": "5.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BAF24A-AC9F-447E-9C35-315BA6271B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6741F961-98F5-48C0-853E-C5B5C29172BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C84EB0EF-B0AF-4932-A719-31B97BFA3AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "260A022E-EC6B-4D62-AE08-69F743D89827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D17331FF-28B0-4EB0-B2FB-8A56218E6037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "98E79DFE-7496-4022-8A24-0723DD28BE9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52DAC91-9280-4F7E-A0CF-750700FF3290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B77C14F-03F5-4B90-8098-D90AACFC043F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9A26D-FBFF-40C5-A041-6BB65511C53A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D58402E4-472E-46AE-AC0C-25B12C9C6567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD03EE75-B7A4-4C7A-B691-FC9E4C8BE594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C6A552-F328-4331-BBF8-EA3D6A5B3936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D179D1F3-EB94-4D4F-9B0C-074B59570DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8995A10A-C0A0-4297-9F7D-5B4C3D8A26BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2B1E07-8519-4F58-9048-81ABA12E01DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1E96B-1927-42DC-A47B-5632CED2D40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7F5823-41A8-47C8-A154-02C6C31EF76A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5020p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0737BA36-75AB-478D-9001-3DA3E49C6F00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79FD6080-B82E-4DB6-A4DF-470FE996E07C",
              "versionEndIncluding": "5.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BAF24A-AC9F-447E-9C35-315BA6271B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6741F961-98F5-48C0-853E-C5B5C29172BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C84EB0EF-B0AF-4932-A719-31B97BFA3AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "260A022E-EC6B-4D62-AE08-69F743D89827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D17331FF-28B0-4EB0-B2FB-8A56218E6037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "98E79DFE-7496-4022-8A24-0723DD28BE9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52DAC91-9280-4F7E-A0CF-750700FF3290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B77C14F-03F5-4B90-8098-D90AACFC043F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9A26D-FBFF-40C5-A041-6BB65511C53A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D58402E4-472E-46AE-AC0C-25B12C9C6567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD03EE75-B7A4-4C7A-B691-FC9E4C8BE594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C6A552-F328-4331-BBF8-EA3D6A5B3936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D179D1F3-EB94-4D4F-9B0C-074B59570DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8995A10A-C0A0-4297-9F7D-5B4C3D8A26BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802."
    },
    {
      "lang": "es",
      "value": "Los archivos JAR en Cisco Device Manager de dispositivos Cisco MDS 9000 antes de v5.2.8 y Cisco Device Manager dispositivos Nexus 5000, permite a atacantes remotos ejecutar comandos arbitrarios en los equipos cliente de Windows a trav\u00e9s de un archivo de elemento manager.jnlp hecho a mano, tambi\u00e9n conocido como Bug IDs CSCty17417 y CSCty10802."
    }
  ],
  "evaluatorImpact": "Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm\r\n\r\n\"Cisco Device Manager versions 5.x and earlier. Note: Only Cisco Device Manager software installed or launched via JNLP file on Microsoft Windows is affected by this vulnerability.\"",
  "id": "CVE-2013-1192",
  "lastModified": "2024-11-21T01:49:05.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-04-25T10:55:01.787",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-05-03 10:11
Modified
2024-11-21 01:31
Severity ?
Summary
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
References
ykramarz@cisco.comhttp://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html
Impacted products
Vendor Product Version
cisco nx-os 5.0
cisco nx-os 5.0\(2\)
cisco nx-os 5.0\(2\)n1\(1\)
cisco nx-os 5.0\(2\)n2\(1\)
cisco nx-os 5.0\(2\)n2\(1a\)
cisco nx-os 5.0\(2a\)
cisco nx-os 5.0\(3\)
cisco nx-os 5.0\(3\)n1\(1\)
cisco nx-os 5.0\(3\)n1\(1a\)
cisco nx-os 5.0\(3\)n1\(1b\)
cisco nx-os 5.0\(3\)n1\(1c\)
cisco nx-os 5.0\(3\)n2\(1\)
cisco nx-os 5.0\(3\)n2\(2\)
cisco nx-os 5.0\(3\)n2\(2a\)
cisco nx-os 5.0\(3\)n2\(2b\)
cisco nx-os 5.0\(5\)
cisco nexus_2148t_fex_switch -
cisco nexus_2224tp_fex_switch -
cisco nexus_2232pp_fex_switch -
cisco nexus_2232tm_fex_switch -
cisco nexus_2248tp_e_fex_switch -
cisco nexus_2248tp_fex_switch -
cisco nexus_5010p_switch -
cisco nexus_5020p_switch -
cisco nexus_5548p -
cisco nexus_5548up -
cisco nexus_5596up -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C39522F-401B-4510-B8AD-B57D757D60AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "86A917F0-05BF-4F01-8DFC-685E65BF65C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69DC16-8793-4A50-B901-2BDBE007405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "392B8209-689D-4EFB-8B8E-04910EEB38AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2\\)n2\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8595D2-710F-4C09-BEA4-A3D81C2269A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C6753978-267E-4398-A1F7-96C37B5C8600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "16131960-37FE-4154-A82C-E3249B066DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5537B6-54D4-40F1-98F4-D6E6AE91F203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DC4F29-94D4-4D71-9D40-CD1E6C6D5A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1280802D-3B3B-401B-B6ED-2D940B9A94A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n1\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B91092-DE54-4591-9C0F-A22A04AB71E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE1F177-8952-4ECE-9E7D-5DB17895148A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D95D0F4E-944D-4AB8-B316-7842CB1F9C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7856BA8B-4959-4FC2-AF4F-747FCFCC8EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(3\\)n2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3A402251-E36D-4DD1-8DE9-6DA025CBECEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3296D4-DA94-4E41-BAAF-CEC0E84BB498",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2148t_fex_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1898BDC8-BC36-42C7-933A-43287F3119AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2224tp_fex_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "156B5256-CB59-4351-B0AA-A4E105ADB677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2232pp_fex_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "434EBB2A-818A-4EB5-928D-71E2B256317D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2232tm_fex_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCA9CE1-76AB-412A-8A07-F651BAFA4CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2248tp_e_fex_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB226EF-FBC5-4EAD-B9F0-53DF6F46B76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_2248tp_fex_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3B1097F-5BDE-4E2A-A49B-5380C4CAAFAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD1E96B-1927-42DC-A47B-5632CED2D40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5020p_switch:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0737BA36-75AB-478D-9001-3DA3E49C6F00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682."
    },
    {
      "lang": "es",
      "value": "P\u00e9rdida de memoria en libcmd en Cisco NX-OS v5.0 en Nexus switches permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de peticiones SNMP, tambi\u00e9n conocido como Bug ID CSCtr65682."
    }
  ],
  "id": "CVE-2011-4023",
  "lastModified": "2024-11-21T01:31:42.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T10:11:39.640",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2017-3883
Vulnerability from cvelistv5
Published
2017-10-19 08:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660.
References
http://www.securitytracker.com/id/1039614vdb-entry, x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavtyx_refsource_CONFIRM
http://www.securityfocus.com/bid/101493vdb-entry, x_refsource_BID
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_usx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039614",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039614"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
          },
          {
            "name": "101493",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101493"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03846en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-28T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1039614",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039614"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
        },
        {
          "name": "101493",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101493"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03846en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3883",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039614",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039614"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
            },
            {
              "name": "101493",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101493"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03846en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03846en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3883",
    "datePublished": "2017-10-19T08:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3261
Vulnerability from cvelistv5
Published
2014-05-24 01:00
Modified
2024-08-06 10:35
Severity ?
Summary
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxosvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-24T01:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3261",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3261",
    "datePublished": "2014-05-24T01:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1192
Vulnerability from cvelistv5
Published
2013-04-25 10:00
Modified
2024-09-16 20:22
Severity ?
Summary
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdmvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:03.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130424 Cisco Device Manager Command Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-25T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130424 Cisco Device Manager Command Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1192",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130424 Cisco Device Manager Command Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1192",
    "datePublished": "2013-04-25T10:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-16T20:22:27.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-12301
Vulnerability from cvelistv5
Published
2017-10-19 08:00
Modified
2024-08-05 18:36
Severity ?
Summary
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198.
References
http://www.securitytracker.com/id/1039622vdb-entry, x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppex_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:55.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039622",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039622"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco NX-OS Software"
            }
          ]
        }
      ],
      "datePublic": "2017-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1039622",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039622"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco NX-OS Software"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039622",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039622"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12301",
    "datePublished": "2017-10-19T08:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:55.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4023
Vulnerability from cvelistv5
Published
2012-05-03 10:00
Modified
2024-09-17 02:00
Severity ?
Summary
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.
References
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-05-03T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-4023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-4023",
    "datePublished": "2012-05-03T10:00:00Z",
    "dateReserved": "2011-10-06T00:00:00Z",
    "dateUpdated": "2024-09-17T02:00:51.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3341
Vulnerability from cvelistv5
Published
2014-08-19 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=35338x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95329vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/69266vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1030746vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.090Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338"
          },
          {
            "name": "cisco-nxos-cve20143341-info-disc(95329)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95329"
          },
          {
            "name": "69266",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69266"
          },
          {
            "name": "20140818 Cisco NX-OS Software SNMP Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341"
          },
          {
            "name": "1030746",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030746"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338"
        },
        {
          "name": "cisco-nxos-cve20143341-info-disc(95329)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95329"
        },
        {
          "name": "69266",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69266"
        },
        {
          "name": "20140818 Cisco NX-OS Software SNMP Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341"
        },
        {
          "name": "1030746",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030746"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35338"
            },
            {
              "name": "cisco-nxos-cve20143341-info-disc(95329)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95329"
            },
            {
              "name": "69266",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69266"
            },
            {
              "name": "20140818 Cisco NX-OS Software SNMP Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341"
            },
            {
              "name": "1030746",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030746"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3341",
    "datePublished": "2014-08-19T10:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}