var-201310-0008
Vulnerability from variot
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Users who have the network-operator role can view the configuration file and get sensitive information because the configuration file is not properly filtered. This may result in further attacks. This issue is being tracked by Cisco Bug ID CSCti09089
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 10-slot",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 9-slot",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 18-slot",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 10 slot switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 18 slot switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 9 slot switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 series switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1.(2) to 5.0.(5)"
},
{
"model": "nx-os software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(3)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(6)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(4)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(4)"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4090"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "62841"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4090",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2013-13506",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-57371",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4090",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-13506",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-015",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Users who have the network-operator role can view the configuration file and get sensitive information because the configuration file is not properly filtered. This may result in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCti09089",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "VULHUB",
"id": "VHN-57371"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4090",
"trust": 3.4
},
{
"db": "BID",
"id": "62841",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1029158",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "98123",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "55206",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13506",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20131004 CISCO NEXUS 7000 INFORMATION DISCLOSURE VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-57371",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"id": "VAR-201310-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
}
],
"trust": 1.3794213
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
}
]
},
"last_update_date": "2023-12-18T13:20:05.377000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Nexus 7000 Information Disclosure Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4090"
},
{
"title": "31137",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31137"
},
{
"title": "Patch for the Cisco Nexus 7000 Series Switch NX-OS Remote Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40043"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4090"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/62841"
},
{
"trust": 1.1,
"url": "http://osvdb.org/98123"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029158"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/55206"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87670"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4090"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4090"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscti09089"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"date": "2013-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-57371"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62841"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"date": "2013-10-05T10:55:03.307000",
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-57371"
},
{
"date": "2013-10-09T01:06:00",
"db": "BID",
"id": "62841"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"date": "2017-08-29T01:32:09.900000",
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nexus 7000 Runs on the device Cisco NX-OS Vulnerability in obtaining information on important configuration files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.