VAR-201310-0008
Vulnerability from variot - Updated: 2023-12-18 13:20The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Users who have the network-operator role can view the configuration file and get sensitive information because the configuration file is not properly filtered. This may result in further attacks. This issue is being tracked by Cisco Bug ID CSCti09089
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 10-slot",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 9-slot",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 18-slot",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 10 slot switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 18 slot switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 9 slot switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7000 series switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1.(2) to 5.0.(5)"
},
{
"model": "nx-os software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(3)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(6)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(4)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(4)"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4090"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "62841"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4090",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2013-13506",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-57371",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4090",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-13506",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-015",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Users who have the network-operator role can view the configuration file and get sensitive information because the configuration file is not properly filtered. This may result in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCti09089",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "VULHUB",
"id": "VHN-57371"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4090",
"trust": 3.4
},
{
"db": "BID",
"id": "62841",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1029158",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "98123",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "55206",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13506",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20131004 CISCO NEXUS 7000 INFORMATION DISCLOSURE VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-57371",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"id": "VAR-201310-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
}
],
"trust": 1.3794213
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
}
]
},
"last_update_date": "2023-12-18T13:20:05.377000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Nexus 7000 Information Disclosure Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4090"
},
{
"title": "31137",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31137"
},
{
"title": "Patch for the Cisco Nexus 7000 Series Switch NX-OS Remote Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40043"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4090"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/62841"
},
{
"trust": 1.1,
"url": "http://osvdb.org/98123"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029158"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/55206"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87670"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4090"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4090"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscti09089"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"db": "VULHUB",
"id": "VHN-57371"
},
{
"db": "BID",
"id": "62841"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"date": "2013-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-57371"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62841"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"date": "2013-10-05T10:55:03.307000",
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13506"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-57371"
},
{
"date": "2013-10-09T01:06:00",
"db": "BID",
"id": "62841"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004520"
},
{
"date": "2017-08-29T01:32:09.900000",
"db": "NVD",
"id": "CVE-2012-4090"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nexus 7000 Runs on the device Cisco NX-OS Vulnerability in obtaining information on important configuration files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-015"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…