VAR-201310-0034
Vulnerability from variot - Updated: 2023-12-18 12:21The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. An attacker can exploit this issue to create or overwrite arbitrary files on the affected device. This may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCts56672 and CSCts56669
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2(1)"
},
{
"model": "nx-os 5.1 n1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(1)"
},
{
"model": "nx-os 5.0 n2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(3)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(6)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(4)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "BID",
"id": "62843"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4122"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "62843"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4122",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-4122",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CNVD-2013-13501",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "VHN-57403",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4122",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-13501",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57403",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "VULHUB",
"id": "VHN-57403"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. \nAn attacker can exploit this issue to create or overwrite arbitrary files on the affected device. This may aid in further attacks. \nThis issue is being tracked by Cisco bug IDs CSCts56672 and CSCts56669",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "BID",
"id": "62843"
},
{
"db": "VULHUB",
"id": "VHN-57403"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4122",
"trust": 3.4
},
{
"db": "BID",
"id": "62843",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "98121",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-018",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13501",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20131004 CISCO NX-OS SOFTWARE INPUT VALIDATION VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-57403",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "VULHUB",
"id": "VHN-57403"
},
{
"db": "BID",
"id": "62843"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
]
},
"id": "VAR-201310-0034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "VULHUB",
"id": "VHN-57403"
}
],
"trust": 1.3794213
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
}
]
},
"last_update_date": "2023-12-18T12:21:34.267000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco NX-OS Software Input Validation Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4122"
},
{
"title": "The Cisco NX-OS Software CLI parser creates a patch that covers the vulnerability in any file.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40059"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57403"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"db": "NVD",
"id": "CVE-2012-4122"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4122"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/62843"
},
{
"trust": 1.1,
"url": "http://osvdb.org/98121"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87672"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4122"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4122"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscts56672"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails\u0026bugid=cscts56669"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "VULHUB",
"id": "VHN-57403"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"db": "VULHUB",
"id": "VHN-57403"
},
{
"db": "BID",
"id": "62843"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"date": "2013-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-57403"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62843"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"date": "2013-10-05T10:55:03.400000",
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13501"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-57403"
},
{
"date": "2013-10-10T17:04:00",
"db": "BID",
"id": "62843"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004523"
},
{
"date": "2017-08-29T01:32:10.167000",
"db": "NVD",
"id": "CVE-2012-4122"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "62843"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco NX-OS of CLI Vulnerabilities that can bypass access restrictions in parsers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004523"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-018"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…