CVE-2013-1191
Vulnerability from cvelistv5
Published
2014-05-24 01:00
Modified
2024-08-06 14:57
Severity ?
Summary
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxosVendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:02.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-24T01:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1191",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1191",
    "datePublished": "2014-05-24T01:00:00",
    "dateReserved": "2013-01-11T00:00:00",
    "dateUpdated": "2024-08-06T14:57:02.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65FED959-8185-46B8-863E-1C29B2B6D729\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:6.1\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6F882AB-C25D-477F-96BF-7001BB77B955\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:6.1\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35E48EE6-C498-4E13-AC5E-28F6B4391725\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:6.1\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3B41075-01D1-4832-A025-07A378F2A5E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:6.1\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"858E4134-643C-422C-8441-5372F4BC25D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:6.1\\\\(4a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A12BFDB0-4B90-4EB6-9CBE-A7A33C57EA9E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B22B3865-30E9-4B5A-A37D-DC33F1150FFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"459A7F11-52BF-4AD6-B495-4C4D6C050493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.\"}, {\"lang\": \"es\", \"value\": \"Cisco NX-OS 6.1 anterior a 6.1(5) en dispositivos Nexus 7000, cuando autenticaci\\u00f3n local y m\\u00faltiples VDCs est\\u00e1n habilitadas, permite a usuarios remotos autenticados ganar privilegios dentro de una VDC no intencionada a trav\\u00e9s de datos de claves SSH manipulados en una sesi\\u00f3n hacia una interfaz de gesti\\u00f3n, tambi\\u00e9n conocido como Bug ID CSCud88400.\"}]",
      "id": "CVE-2013-1191",
      "lastModified": "2024-11-21T01:49:05.073",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:S/C:C/I:C/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-05-26T00:25:31.673",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-1191\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2014-05-26T00:25:31.673\",\"lastModified\":\"2024-11-21T01:49:05.073\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.\"},{\"lang\":\"es\",\"value\":\"Cisco NX-OS 6.1 anterior a 6.1(5) en dispositivos Nexus 7000, cuando autenticaci\u00f3n local y m\u00faltiples VDCs est\u00e1n habilitadas, permite a usuarios remotos autenticados ganar privilegios dentro de una VDC no intencionada a trav\u00e9s de datos de claves SSH manipulados en una sesi\u00f3n hacia una interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug ID CSCud88400.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:C/I:C/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65FED959-8185-46B8-863E-1C29B2B6D729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:6.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F882AB-C25D-477F-96BF-7001BB77B955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:6.1\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35E48EE6-C498-4E13-AC5E-28F6B4391725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:6.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B41075-01D1-4832-A025-07A378F2A5E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:6.1\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"858E4134-643C-422C-8441-5372F4BC25D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:6.1\\\\(4a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A12BFDB0-4B90-4EB6-9CBE-A7A33C57EA9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B22B3865-30E9-4B5A-A37D-DC33F1150FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459A7F11-52BF-4AD6-B495-4C4D6C050493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.