VAR-201312-0020
Vulnerability from variot - Updated: 2023-12-18 12:58
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. The tar command in Cisco NX-OS contains a directory traversal vulnerability. The Cisco Nexus Series switches are data center switches that run the Cisco Nexus OS operating system. Because the program fails to properly filter user-supplied input, a local attacker can access any file through the tar command. Cisco NX-OS is prone to a local arbitrary file-access vulnerability because it fails to sanitize user-supplied input. Local attackers can exploit this issue to access arbitrary files using directory-traversal strings. This may lead to further attacks. This issue is being tracked by Cisco Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. The record below classifies the issue as CWE-22 with a CVSS v2 base score of 4.6 (AV:L/AC:L/Au:S/C:C/I:N/A:N): exploitation requires local, authenticated access, and the impact is on confidentiality only.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "nx-os",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1(4a)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "BID",
"id": "64455"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4131"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "64455"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4131",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4131",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2013-15518",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "VHN-57412",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4131",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-15518",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-431",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57412",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "VULHUB",
"id": "VHN-57412"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. Cisco NX-OS of tar Contains a directory traversal vulnerability. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Since the program fails to properly filter the input submitted by the user, the local attacker can access any file through the tar command. Cisco NX-OS is prone to a local arbitrary file-access vulnerability because it fails to sanitize user-supplied input. \nLocal attackers can exploit this issue to access arbitrary files using directory-traversal strings. This may lead to further attacks. \nThis issue is being tracked by Cisco Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "BID",
"id": "64455"
},
{
"db": "VULHUB",
"id": "VHN-57412"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4131",
"trust": 3.4
},
{
"db": "BID",
"id": "64455",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-431",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-15518",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20131219 CISCO NX-OS ARBITRARY FILE ACCESS VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-57412",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "VULHUB",
"id": "VHN-57412"
},
{
"db": "BID",
"id": "64455"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
]
},
"id": "VAR-201312-0020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "VULHUB",
"id": "VHN-57412"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
}
]
},
"last_update_date": "2023-12-18T12:58:04.444000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco NX-OS Arbitrary File Access Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4131"
},
{
"title": "32244",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32244"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57412"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"db": "NVD",
"id": "CVE-2012-4131"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4131"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4131"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4131"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "VULHUB",
"id": "VHN-57412"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "VULHUB",
"id": "VHN-57412"
},
{
"db": "BID",
"id": "64455"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"date": "2013-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-57412"
},
{
"date": "2013-12-19T00:00:00",
"db": "BID",
"id": "64455"
},
{
"date": "2013-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"date": "2013-12-21T14:22:56.033000",
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"date": "2013-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"date": "2013-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-57412"
},
{
"date": "2013-12-25T00:59:00",
"db": "BID",
"id": "64455"
},
{
"date": "2013-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005658"
},
{
"date": "2013-12-23T16:09:19.753000",
"db": "NVD",
"id": "CVE-2012-4131"
},
{
"date": "2013-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "64455"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco NX-OS Command Line Interface (CLI) Local Arbitrary File Access Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15518"
},
{
"db": "BID",
"id": "64455"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-431"
}
],
"trust": 0.6
}
}