cvelistv5 - CVE-2013-5556

CVE-2013-5556

Vulnerability from cvelistv5

Published

2013-11-16 02:00

Modified

2024-09-17 01:36

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=31774	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=31774	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131114 Cisco Nexus 1000V Arbitrary Command Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-16T02:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131114 Cisco Nexus 1000V Arbitrary Command Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5556",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131114 Cisco Nexus 1000V Arbitrary Command Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5556",
    "datePublished": "2013-11-16T02:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-17T01:36:02.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)vsg1\\\\(1\\\\):-:*:*:*:nexus_1000v:*:*\", \"matchCriteriaId\": \"AA97328A-5DF2-4C01-99C4-1D24077A9A1F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:5.2\\\\(1\\\\)sm1\\\\(5.1\\\\):-:*:*:*:microsoft_hyper-v:*:*\", \"matchCriteriaId\": \"C6B1D4A5-9F33-487C-A798-096CA1F1B9D3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:*:-:*:*:*:vmware_vsphere:*:*\", \"versionEndIncluding\": \"4.2\\\\(1\\\\)sv1\\\\(5.2b\\\\)\", \"matchCriteriaId\": \"73EFA484-4033-4868-A733-F65B02B7B752\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)_sv1\\\\(4\\\\):-:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"64AD054B-953C-46F1-99A3-AB3DE35FE695\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)_sv1\\\\(4a\\\\):-:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"9C9675A0-9933-4EA9-991D-D3B6F775F88C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)_sv1\\\\(4b\\\\):-:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"75BF9F0F-980B-4BD0-B48B-A8191B660889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)sv1\\\\(5.1\\\\):-:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"719A5726-4049-4BDD-8BF9-41E2D8E8FF41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)sv1\\\\(5.1a\\\\):-:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"5A87AEED-3CC1-4D78-9F31-9CF9702351D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)sv1\\\\(5.2\\\\):-:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"B59A502A-467B-464B-9B81-46D08B75ED84\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \\\"install all iso\\\" arguments, aka Bug ID CSCui21340.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo license-installation en el switch Cisco Nexus 1000V 4.2(1)SV1(5.2b) y anteriores para VMware vSphere, switch Cisco Nexus 1000V 5.2(1)SM1(5.1) para Microsoft Hyper-V, y Cisco Virtual Security Gateway 4.2(1)VSG1(1) para switches Nexus 1000V permite a usuarios locales obtener privilegios y ejecutar comandos arbitrarios a trav\\u00e9s de argumentos \\\"install all iso\\\" manipulados, tambi\\u00e9n conocido como Bug ID CSCui21340.\"}]",
      "id": "CVE-2013-5556",
      "lastModified": "2024-11-21T01:57:41.837",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 6.8, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-11-18T03:55:06.040",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=31774\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=31774\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5556\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2013-11-18T03:55:06.040\",\"lastModified\":\"2024-11-21T01:57:41.837\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \\\"install all iso\\\" arguments, aka Bug ID CSCui21340.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo license-installation en el switch Cisco Nexus 1000V 4.2(1)SV1(5.2b) y anteriores para VMware vSphere, switch Cisco Nexus 1000V 5.2(1)SM1(5.1) para Microsoft Hyper-V, y Cisco Virtual Security Gateway 4.2(1)VSG1(1) para switches Nexus 1000V permite a usuarios locales obtener privilegios y ejecutar comandos arbitrarios a trav\u00e9s de argumentos \\\"install all iso\\\" manipulados, tambi\u00e9n conocido como Bug ID CSCui21340.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)vsg1\\\\(1\\\\):-:*:*:*:nexus_1000v:*:*\",\"matchCriteriaId\":\"AA97328A-5DF2-4C01-99C4-1D24077A9A1F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:5.2\\\\(1\\\\)sm1\\\\(5.1\\\\):-:*:*:*:microsoft_hyper-v:*:*\",\"matchCriteriaId\":\"C6B1D4A5-9F33-487C-A798-096CA1F1B9D3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:*:-:*:*:*:vmware_vsphere:*:*\",\"versionEndIncluding\":\"4.2\\\\(1\\\\)sv1\\\\(5.2b\\\\)\",\"matchCriteriaId\":\"73EFA484-4033-4868-A733-F65B02B7B752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)_sv1\\\\(4\\\\):-:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"64AD054B-953C-46F1-99A3-AB3DE35FE695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)_sv1\\\\(4a\\\\):-:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"9C9675A0-9933-4EA9-991D-D3B6F775F88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)_sv1\\\\(4b\\\\):-:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"75BF9F0F-980B-4BD0-B48B-A8191B660889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)sv1\\\\(5.1\\\\):-:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"719A5726-4049-4BDD-8BF9-41E2D8E8FF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)sv1\\\\(5.1a\\\\):-:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"5A87AEED-3CC1-4D78-9F31-9CF9702351D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:nexus_1000v:4.2\\\\(1\\\\)sv1\\\\(5.2\\\\):-:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"B59A502A-467B-464B-9B81-46D08B75ED84\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=31774\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=31774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-269h-2wf7-8247

Vulnerability from github

Published

2022-05-17 04:57

Modified

2022-05-17 04:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5556"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-11-18T03:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340.",
  "id": "GHSA-269h-2wf7-8247",
  "modified": "2022-05-17T04:57:59Z",
  "published": "2022-05-17T04:57:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5556"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2013-5556

Vulnerability from fkie_nvd

Published

2013-11-18 03:55

Modified

2024-11-21 01:57

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=31774	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=31774	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	nexus_1000v	4.2\(1\)vsg1\(1\)
cisco	nexus_1000v	5.2\(1\)sm1\(5.1\)
cisco	nexus_1000v	*
cisco	nexus_1000v	4.2\(1\)_sv1\(4\)
cisco	nexus_1000v	4.2\(1\)_sv1\(4a\)
cisco	nexus_1000v	4.2\(1\)_sv1\(4b\)
cisco	nexus_1000v	4.2\(1\)sv1\(5.1\)
cisco	nexus_1000v	4.2\(1\)sv1\(5.1a\)
cisco	nexus_1000v	4.2\(1\)sv1\(5.2\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)vsg1\\(1\\):-:*:*:*:nexus_1000v:*:*",
              "matchCriteriaId": "AA97328A-5DF2-4C01-99C4-1D24077A9A1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:5.2\\(1\\)sm1\\(5.1\\):-:*:*:*:microsoft_hyper-v:*:*",
              "matchCriteriaId": "C6B1D4A5-9F33-487C-A798-096CA1F1B9D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:*:-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "73EFA484-4033-4868-A733-F65B02B7B752",
              "versionEndIncluding": "4.2\\(1\\)sv1\\(5.2b\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4\\):-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "64AD054B-953C-46F1-99A3-AB3DE35FE695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4a\\):-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "9C9675A0-9933-4EA9-991D-D3B6F775F88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4b\\):-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "75BF9F0F-980B-4BD0-B48B-A8191B660889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.1\\):-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "719A5726-4049-4BDD-8BF9-41E2D8E8FF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.1a\\):-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "5A87AEED-3CC1-4D78-9F31-9CF9702351D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.2\\):-:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B59A502A-467B-464B-9B81-46D08B75ED84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo license-installation en el switch Cisco Nexus 1000V 4.2(1)SV1(5.2b) y anteriores para VMware vSphere, switch Cisco Nexus 1000V 5.2(1)SM1(5.1) para Microsoft Hyper-V, y Cisco Virtual Security Gateway 4.2(1)VSG1(1) para switches Nexus 1000V permite a usuarios locales obtener privilegios y ejecutar comandos arbitrarios a trav\u00e9s de argumentos \"install all iso\" manipulados, tambi\u00e9n conocido como Bug ID CSCui21340."
    }
  ],
  "id": "CVE-2013-5556",
  "lastModified": "2024-11-21T01:57:41.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-18T03:55:06.040",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. Because the install all iso command fails to properly filter user input, the local attacker is allowed to submit the specially configured parameters to the install all iso command to execute the shell command. Local authenticated attackers can exploit this issue to execute arbitrary commands on the underlying operating system. This issue is being tracked by Cisco bug ID CSCui21340. The software is used to replace the built-in distributed virtual switch of Vmware, and includes two components: the virtual Ethernet module (VEM) running inside the hypervisor and the external virtual control engine module (VSM) that manages the VEM

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0297",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.2\\(1\\)sm1\\(5.1\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)sv1\\(5.2\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)_sv1\\(4a\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)_sv1\\(4b\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)_sv1\\(4\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)sv1\\(5.1\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)sv1\\(5.1a\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)vsg1\\(1\\)"
      },
      {
        "model": "nexus 1000v",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.2\\(1\\)sv1\\(5.2b\\)"
      },
      {
        "model": "nexus 1000v switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "switch  microsoft hyper-v for  5.2(1)sm1(5.1)"
      },
      {
        "model": "nexus 1000v switch",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "switch  vmware vsphere for  4.2(1)sv1(5.2b)"
      },
      {
        "model": "nexus 1000v switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "for switch  cisco virtual security gateway 4.2(1)vsg1(1)"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "nexus 1000v",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)sv1\\(5.2b\\)"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "BID",
        "id": "63732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)vsg1\\(1\\):-:*:*:*:nexus_1000v:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:5.2\\(1\\)sm1\\(5.1\\):-:*:*:*:microsoft_hyper-v:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.1a\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.1\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4b\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4a\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:*:-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2\\(1\\)sv1\\(5.2b\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.2\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "63732"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5556",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-5556",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2013-14509",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "VHN-65558",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5556",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-14509",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-241",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65558",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340. Because the install all iso command fails to properly filter user input, the local attacker is allowed to submit the specially configured parameters to the install all iso command to execute the shell command. \nLocal authenticated attackers can exploit this issue to execute arbitrary commands on the underlying operating system. \nThis issue is being tracked by Cisco bug ID CSCui21340. The software is used to replace the built-in distributed virtual switch of Vmware, and includes two components: the virtual Ethernet module (VEM) running inside the hypervisor and the external virtual control engine module (VSM) that manages the VEM",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "BID",
        "id": "63732"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65558"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5556",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "63732",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20131114 CISCO NEXUS 1000V ARBITRARY COMMAND EXECUTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-65558",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65558"
      },
      {
        "db": "BID",
        "id": "63732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ]
  },
  "id": "VAR-201311-0297",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65558"
      }
    ],
    "trust": 1.297479
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:49:04.735000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco Nexus 1000V Arbitrary Command Execution Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5556"
      },
      {
        "title": "31774",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31774"
      },
      {
        "title": "Patch for Cisco Nexus 1000V Local Arbitrary Command Execution Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/41143"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5556"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31774"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5556"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5556"
      },
      {
        "trust": 0.6,
        "url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscui21340"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65558"
      },
      {
        "db": "BID",
        "id": "63732"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "date": "2013-11-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65558"
      },
      {
        "date": "2013-11-14T00:00:00",
        "db": "BID",
        "id": "63732"
      },
      {
        "date": "2013-11-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "date": "2013-11-18T03:55:06.040000",
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "date": "2013-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14509"
      },
      {
        "date": "2013-11-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65558"
      },
      {
        "date": "2013-11-19T00:46:00",
        "db": "BID",
        "id": "63732"
      },
      {
        "date": "2013-11-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      },
      {
        "date": "2013-11-20T17:40:09.883000",
        "db": "NVD",
        "id": "CVE-2013-5556"
      },
      {
        "date": "2013-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "63732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus 1000V Switch and  Nexus 1000V For switch  Cisco Virtual Security Gateway Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005152"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-241"
      }
    ],
    "trust": 0.6
  }
}

gsd-2013-5556

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-5556

Aliases

CVE-2013-5556

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5556",
    "description": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340.",
    "id": "GSD-2013-5556"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5556"
      ],
      "details": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340.",
      "id": "GSD-2013-5556",
      "modified": "2023-12-13T01:22:21.657171Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-5556",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20131114 Cisco Nexus 1000V Arbitrary Command Execution Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
          },
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)vsg1\\(1\\):-:*:*:*:nexus_1000v:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:5.2\\(1\\)sm1\\(5.1\\):-:*:*:*:microsoft_hyper-v:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.1a\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.1\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4b\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4a\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:*:-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2\\(1\\)sv1\\(5.2b\\)",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)sv1\\(5.2\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:4.2\\(1\\)_sv1\\(4\\):-:*:*:*:vmware_vsphere:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5556"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted \"install all iso\" arguments, aka Bug ID CSCui21340."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31774"
            },
            {
              "name": "20131114 Cisco Nexus 1000V Arbitrary Command Execution Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-11-20T17:40Z",
      "publishedDate": "2013-11-18T03:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-5556

Vulnerability from cvelistv5

ghsa-269h-2wf7-8247

Vulnerability from github

CVE-2013-5556

Vulnerability from fkie_nvd

var-201311-0297

Vulnerability from variot

gsd-2013-5556

Vulnerability from gsd

Tags

Sightings

Nomenclature