var-201312-0020
Vulnerability from variot
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. The tar command in Cisco NX-OS contains a directory traversal vulnerability. Cisco Nexus Series switches are data center switches that run the Cisco Nexus OS (NX-OS) operating system. Because the program fails to properly filter user-supplied input, a local attacker can access any file through the tar command. Cisco NX-OS is prone to a local arbitrary file-access vulnerability because it fails to sanitize user-supplied input. Local attackers can exploit this issue to access arbitrary files using directory-traversal strings. This may lead to further attacks. The NVD CVSS v2 vector in the record below (AV:L/AC:L/Au:S/C:C/I:N/A:N, base score 4.6) indicates that exploitation requires an authenticated local user and that the impact is limited to confidentiality; the weakness is classified as CWE-22. This issue is being tracked by Cisco Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0020", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nx-os", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": null }, { "model": "nx-os", "scope": "eq", "trust": 0.9, "vendor": "cisco", "version": "0" }, { "model": "nx-os", "scope": "lte", "trust": 0.8, "vendor": "cisco", "version": "6.1(4a)" } ], 
"sources": [ { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "BID", "id": "64455" }, { "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "db": "NVD", "id": "CVE-2012-4131" }, { "db": "CNNVD", "id": "CNNVD-201312-431" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-4131" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "64455" } ], "trust": 0.3 }, "cve": "CVE-2012-4131", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "impactScore": 6.9, "integrityImpact": "NONE", 
"obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.6, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2012-4131", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "id": "CNVD-2013-15518", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "id": "VHN-57412", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:S/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-4131", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2013-15518", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201312-431", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-57412", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "VULHUB", "id": "VHN-57412" }, { "db": "JVNDB", "id": 
"JVNDB-2013-005658" }, { "db": "NVD", "id": "CVE-2012-4131" }, { "db": "CNNVD", "id": "CNNVD-201312-431" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. Cisco NX-OS of tar Contains a directory traversal vulnerability. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Since the program fails to properly filter the input submitted by the user, the local attacker can access any file through the tar command. Cisco NX-OS is prone to a local arbitrary file-access vulnerability because it fails to sanitize user-supplied input. \nLocal attackers can exploit this issue to access arbitrary files using directory-traversal strings. This may lead to further attacks. 
\nThis issue is being tracked by Cisco Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164", "sources": [ { "db": "NVD", "id": "CVE-2012-4131" }, { "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "BID", "id": "64455" }, { "db": "VULHUB", "id": "VHN-57412" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-4131", "trust": 3.4 }, { "db": "BID", "id": "64455", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2013-005658", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201312-431", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2013-15518", "trust": 0.6 }, { "db": "CISCO", "id": "20131219 CISCO NX-OS ARBITRARY FILE ACCESS VULNERABILITY", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-57412", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "VULHUB", "id": "VHN-57412" }, { "db": "BID", "id": "64455" }, { "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "db": "NVD", "id": "CVE-2012-4131" }, { "db": "CNNVD", "id": "CNNVD-201312-431" } ] }, "id": "VAR-201312-0020", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "VULHUB", "id": "VHN-57412" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-15518" } ] }, 
"last_update_date": "2023-12-18T12:58:04.444000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Cisco NX-OS Arbitrary File Access Vulnerability", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4131" }, { "title": "32244", "trust": 0.8, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32244" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005658" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-57412" }, { "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "db": "NVD", "id": "CVE-2012-4131" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4131" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4131" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4131" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "VULHUB", "id": "VHN-57412" }, { "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "db": "NVD", "id": "CVE-2012-4131" }, { "db": "CNNVD", "id": "CNNVD-201312-431" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "VULHUB", "id": "VHN-57412" }, { "db": "BID", 
"id": "64455" }, { "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "db": "NVD", "id": "CVE-2012-4131" }, { "db": "CNNVD", "id": "CNNVD-201312-431" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-24T00:00:00", "db": "CNVD", "id": "CNVD-2013-15518" }, { "date": "2013-12-21T00:00:00", "db": "VULHUB", "id": "VHN-57412" }, { "date": "2013-12-19T00:00:00", "db": "BID", "id": "64455" }, { "date": "2013-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "date": "2013-12-21T14:22:56.033000", "db": "NVD", "id": "CVE-2012-4131" }, { "date": "2013-12-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201312-431" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-24T00:00:00", "db": "CNVD", "id": "CNVD-2013-15518" }, { "date": "2013-12-23T00:00:00", "db": "VULHUB", "id": "VHN-57412" }, { "date": "2013-12-25T00:59:00", "db": "BID", "id": "64455" }, { "date": "2013-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005658" }, { "date": "2013-12-23T16:09:19.753000", "db": "NVD", "id": "CVE-2012-4131" }, { "date": "2013-12-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201312-431" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "64455" }, { "db": "CNNVD", "id": "CNNVD-201312-431" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco NX-OS Command Line Interface (CLI) Local Arbitrary File Access Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2013-15518" }, { "db": "BID", 
"id": "64455" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-201312-431" } ], "trust": 0.6 } }