var-201307-0229
Vulnerability from variot
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Successful exploits may compromise the affected computer. This issue being tracked by Cisco Bug ID CSCuh30824
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0229", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nx-os", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": null }, { "model": "nexus 1000v", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "nexus 1000v switch", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "nx-os", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "nx-os on nexus devices", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "1000v" }, { "model": "nx-os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus 4.2 sv1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "BID", "id": "61134" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "db": "NVD", "id": "CVE-2013-3400" }, { "db": "CNNVD", "id": "CNNVD-201307-211" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-3400" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "61134" } ], "trust": 0.3 }, "cve": "CVE-2013-3400", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.8, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2013-3400", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 2.7, "id": "CNVD-2013-09368", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "id": "VHN-63402", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-3400", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2013-09368", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201307-211", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-63402", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "VULHUB", "id": "VHN-63402" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "db": "NVD", "id": "CVE-2013-3400" }, { "db": "CNNVD", "id": "CNNVD-201307-211" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted \"install license\" arguments, aka Bug ID CSCuh30824. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Successful exploits may compromise the affected computer. \nThis issue being tracked by Cisco Bug ID CSCuh30824", "sources": [ { "db": "NVD", "id": "CVE-2013-3400" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "BID", "id": "61134" }, { "db": "VULHUB", "id": "VHN-63402" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-3400", "trust": 3.4 }, { "db": "SECTRACK", "id": "1028763", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2013-003324", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201307-211", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2013-09368", "trust": 0.6 }, { "db": "CISCO", "id": "20130709 CISCO NEXUS 1000V LICENSE INSTALLATION COMMAND INJECTION VULNERABILITY", "trust": 0.6 }, { "db": "BID", "id": "61134", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-63402", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "VULHUB", "id": "VHN-63402" }, { "db": "BID", "id": "61134" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "db": "NVD", "id": "CVE-2013-3400" }, { "db": "CNNVD", "id": "CNNVD-201307-211" } ] }, "id": "VAR-201307-0229", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "VULHUB", "id": "VHN-63402" } ], "trust": 1.325 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-09368" } ] }, "last_update_date": "2023-12-18T13:14:56.294000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Cisco Nexus 1000V License Installation Command Injection Vulnerability", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3400" }, { "title": "30000", "trust": 0.8, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30000" }, { "title": "Patch for Cisco NX-OS on Nexus arbitrary command execution vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/35100" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-63402" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "db": "NVD", "id": "CVE-2013-3400" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3400" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1028763" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3400" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3400" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30000" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "VULHUB", "id": "VHN-63402" }, { "db": "BID", "id": "61134" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "db": "NVD", "id": "CVE-2013-3400" }, { "db": "CNNVD", "id": "CNNVD-201307-211" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2013-09368" }, { "db": "VULHUB", "id": "VHN-63402" }, { "db": "BID", "id": "61134" }, { "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "db": "NVD", "id": "CVE-2013-3400" }, { "db": "CNNVD", "id": "CNNVD-201307-211" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-12T00:00:00", "db": "CNVD", "id": "CNVD-2013-09368" }, { "date": "2013-07-10T00:00:00", "db": "VULHUB", "id": "VHN-63402" }, { "date": "2013-07-09T00:00:00", "db": "BID", "id": "61134" }, { "date": "2013-07-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "date": "2013-07-10T20:55:02.090000", "db": "NVD", "id": "CVE-2013-3400" }, { "date": "2013-07-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201307-211" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2013-09368" }, { "date": "2013-08-20T00:00:00", "db": "VULHUB", "id": "VHN-63402" }, { "date": "2013-07-09T00:00:00", "db": "BID", "id": "61134" }, { "date": "2013-07-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003324" }, { "date": "2013-08-20T03:23:32.347000", "db": "NVD", "id": "CVE-2013-3400" }, { "date": "2013-07-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201307-211" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "61134" }, { "db": "CNNVD", "id": "CNNVD-201307-211" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Nexus 1000V Runs on the device Cisco NX-OS Vulnerable to arbitrary command execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003324" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201307-211" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.