cvelistv5 - cve-2014-0676

CVE-2014-0676 (GCVE-0-2014-0676)

Vulnerability from cvelistv5 – Published: 2014-01-22 21:00 – Updated: 2024-08-06 09:27

Summary

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/65083	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1029690	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/viewAlert.…	x_refsource_CONFIRM
	http://secunia.com/advisories/56597	third-party-advisoryx_refsource_SECUNIA
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/102366	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "65083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65083"
          },
          {
            "name": "1029690",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029690"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
          },
          {
            "name": "56597",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56597"
          },
          {
            "name": "20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
          },
          {
            "name": "cisco-nxos-cve20140676-priv-esc(90627)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
          },
          {
            "name": "102366",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "65083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65083"
        },
        {
          "name": "1029690",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029690"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
        },
        {
          "name": "56597",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56597"
        },
        {
          "name": "20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
        },
        {
          "name": "cisco-nxos-cve20140676-priv-esc(90627)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
        },
        {
          "name": "102366",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102366"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0676",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "65083",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65083"
            },
            {
              "name": "1029690",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029690"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
            },
            {
              "name": "56597",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56597"
            },
            {
              "name": "20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
            },
            {
              "name": "cisco-nxos-cve20140676-priv-esc(90627)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
            },
            {
              "name": "102366",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102366"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-0676",
    "datePublished": "2014-01-22T21:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2024-08-06T09:27:19.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA35D4AA-24B3-428E-84ED-804EF941E9A9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.\"}, {\"lang\": \"es\", \"value\": \"Cisco NX-OS permite a usuarios locales evadir restricciones de comando TACACS+ intencionados a trav\\u00e9s de una serie de m\\u00faltiples comandos, tambi\\u00e9n conocido como Bug ID CSCum47367.\"}]",
      "id": "CVE-2014-0676",
      "lastModified": "2024-11-21T02:02:38.493",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 6.8, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-01-22T21:55:03.607",
      "references": "[{\"url\": \"http://osvdb.org/102366\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/56597\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=32531\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/65083\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029690\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90627\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://osvdb.org/102366\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/56597\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=32531\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/65083\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029690\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0676\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-01-22T21:55:03.607\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.\"},{\"lang\":\"es\",\"value\":\"Cisco NX-OS permite a usuarios locales evadir restricciones de comando TACACS+ intencionados a trav\u00e9s de una serie de m\u00faltiples comandos, tambi\u00e9n conocido como Bug ID CSCum47367.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA35D4AA-24B3-428E-84ED-804EF941E9A9\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/102366\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/56597\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=32531\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/65083\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029690\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90627\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://osvdb.org/102366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/56597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=32531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/65083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-3482-6G24-6CHG

Vulnerability from github – Published: 2022-05-17 01:28 – Updated: 2022-05-17 01:28

Details

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0676"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-22T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.",
  "id": "GHSA-3482-6g24-6chg",
  "modified": "2022-05-17T01:28:30Z",
  "published": "2022-05-17T01:28:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0676"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/102366"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56597"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/65083"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029690"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2014-0676

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

Aliases

CVE-2014-0676

Aliases

CVE-2014-0676

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0676",
    "description": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.",
    "id": "GSD-2014-0676"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0676"
      ],
      "details": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.",
      "id": "GSD-2014-0676",
      "modified": "2023-12-13T01:22:44.040726Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-0676",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "65083",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/65083"
          },
          {
            "name": "1029690",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029690"
          },
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
          },
          {
            "name": "56597",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/56597"
          },
          {
            "name": "20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
          },
          {
            "name": "cisco-nxos-cve20140676-priv-esc(90627)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
          },
          {
            "name": "102366",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/102366"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0676"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
            },
            {
              "name": "65083",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/65083"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
            },
            {
              "name": "102366",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/102366"
            },
            {
              "name": "56597",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/56597"
            },
            {
              "name": "1029690",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1029690"
            },
            {
              "name": "cisco-nxos-cve20140676-priv-esc(90627)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2014-01-22T21:55Z"
    }
  }
}

VAR-201401-0340

Vulnerability from variot - Updated: 2023-12-18 12:38

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. Cisco NX-OS Is TACACS+ A vulnerability exists that circumvents command restrictions. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. The vulnerability is due to the failure to properly filter the sequence of strings provided by the user, executing multiple commands in a sequence, allowing an attacker to execute unauthorized commands. Cisco NX-OS is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. This issue is being tracked by Cisco Bug ID CSCum47367. Cisco NX-OS is a data center-oriented operating system developed by Cisco

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2(2a)"
      },
      {
        "model": "nx-os software",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2(1)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.1(1)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0(3)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(6)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(5)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(4)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2(3)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "BID",
        "id": "65083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "65083"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0676",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-0676",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2014-00585",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "VHN-68169",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0676",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-00585",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-429",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68169",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. Cisco NX-OS Is TACACS+ A vulnerability exists that circumvents command restrictions. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. The vulnerability is due to the failure to properly filter the sequence of strings provided by the user, executing multiple commands in a sequence, allowing an attacker to execute unauthorized commands. Cisco NX-OS is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to execute arbitrary commands    with elevated privileges. \nThis issue is being tracked by Cisco Bug ID CSCum47367. Cisco NX-OS is a data center-oriented operating system developed by Cisco",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "BID",
        "id": "65083"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68169"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0676",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "65083",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "102366",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1029690",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "56597",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20140122 CISCO NX-OS SOFTWARE TACACS+ COMMAND AUTHORIZATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-68169",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68169"
      },
      {
        "db": "BID",
        "id": "65083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ]
  },
  "id": "VAR-201401-0340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68169"
      }
    ],
    "trust": 1.4613635999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:24.380000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco NX-OS Software TACACS+ Command Authorization Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0676"
      },
      {
        "title": "32531",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32531"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0676"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/65083"
      },
      {
        "trust": 1.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32531"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/102366"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1029690"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/56597"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0676"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0676"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/bugsearch/bug/cscum47367"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68169"
      },
      {
        "db": "BID",
        "id": "65083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68169"
      },
      {
        "db": "BID",
        "id": "65083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "date": "2014-01-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68169"
      },
      {
        "date": "2014-01-22T00:00:00",
        "db": "BID",
        "id": "65083"
      },
      {
        "date": "2014-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "date": "2014-01-22T21:55:03.607000",
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "date": "2014-01-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68169"
      },
      {
        "date": "2014-01-24T00:33:00",
        "db": "BID",
        "id": "65083"
      },
      {
        "date": "2014-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001234"
      },
      {
        "date": "2017-08-29T01:34:15.137000",
        "db": "NVD",
        "id": "CVE-2014-0676"
      },
      {
        "date": "2014-01-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "65083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco NX-OS Software TACACS+ Server Local Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00585"
      },
      {
        "db": "BID",
        "id": "65083"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-429"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-0676

Vulnerability from fkie_nvd - Published: 2014-01-22 21:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

References

URL	Tags
psirt@cisco.com	http://osvdb.org/102366
psirt@cisco.com	http://secunia.com/advisories/56597
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676	Vendor Advisory
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=32531	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/65083	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1029690	Third Party Advisory, VDB Entry
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/90627
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/102366
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/56597
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=32531	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/65083	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029690	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/90627

Impacted products

	Vendor	Product	Version
	cisco	nx-os	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA35D4AA-24B3-428E-84ED-804EF941E9A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367."
    },
    {
      "lang": "es",
      "value": "Cisco NX-OS permite a usuarios locales evadir restricciones de comando TACACS+ intencionados a trav\u00e9s de una serie de m\u00faltiples comandos, tambi\u00e9n conocido como Bug ID CSCum47367."
    }
  ],
  "id": "CVE-2014-0676",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-22T21:55:03.607",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/102366"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/56597"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65083"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029690"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/102366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90627"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-0676 (GCVE-0-2014-0676)

GHSA-3482-6G24-6CHG

GSD-2014-0676

VAR-201401-0340

FKIE_CVE-2014-0676

Tags

Sightings

Nomenclature