var-201507-0519
Vulnerability from variot
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. Vendors have confirmed this vulnerability Bug ID CSCur08416 It is released as.One local user VDC By using the administrator privileges of the VDC Files may be deleted. The Cisco Nexus 7000 Series Switches help create the network foundation platform required for next-generation unified array data centers. After the Cisco Nexus 7000 device is configured with multiple VDCs, there are multiple privilege escalation vulnerabilities in the Python scripting subsystem. Cisco NX-OS Software for Nexus 7000 Series is prone to a local privilege-escalation vulnerability. This could result in a denial of service (DoS) condition on the affected device. This issue is being tracked by Cisco Bug ID CSCur08416
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0519", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "6.2\\(8a\\)", }, { model: "nexus 7000 series switch", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 7700 switch", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nx-os", scope: "eq", trust: 0.8, vendor: "cisco", version: "6.2(8a)", }, { model: "nexus", scope: "eq", trust: 0.6, vendor: "cisco", version: "7000", }, { model: "nx-os software for nexus series 6.2", scope: "eq", trust: 0.3, vendor: "cisco", version: "7000", }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04323", }, { db: "BID", id: "75501", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, { db: "NVD", id: "CVE-2015-4231", }, { db: "CNNVD", id: "CNNVD-201507-090", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nx-os:6.2\\(8a\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-4231", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Jens Krabbenhoeft", sources: [ { db: "BID", id: "75501", }, ], trust: 0.3, }, cve: "CVE-2015-4231", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 4.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 3.6, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-4231", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", exploitabilityScore: 3.9, id: "CNVD-2015-04323", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "VHN-82192", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:N/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-4231", trust: 1.8, value: "LOW", }, { author: "CNVD", id: "CNVD-2015-04323", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201507-090", trust: 0.6, value: "LOW", }, { author: "VULHUB", id: "VHN-82192", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04323", }, { db: "VULHUB", id: "VHN-82192", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, { db: "NVD", id: "CVE-2015-4231", }, { db: "CNNVD", id: "CNNVD-201507-090", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. Vendors have confirmed this vulnerability Bug ID CSCur08416 It is released as.One local user VDC By using the administrator privileges of the VDC Files may be deleted. The Cisco Nexus 7000 Series Switches help create the network foundation platform required for next-generation unified array data centers. After the Cisco Nexus 7000 device is configured with multiple VDCs, there are multiple privilege escalation vulnerabilities in the Python scripting subsystem. Cisco NX-OS Software for Nexus 7000 Series is prone to a local privilege-escalation vulnerability. This could result in a denial of service (DoS) condition on the affected device. \nThis issue is being tracked by Cisco Bug ID CSCur08416", sources: [ { db: "NVD", id: "CVE-2015-4231", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, { db: "CNVD", id: "CNVD-2015-04323", }, { db: "BID", id: "75501", }, { db: "VULHUB", id: "VHN-82192", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-4231", trust: 3.4, }, { db: "SECTRACK", id: "1032763", trust: 1.1, }, { db: "JVNDB", id: "JVNDB-2015-003466", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201507-090", trust: 0.7, }, { db: "NSFOCUS", id: "30254", trust: 0.6, }, { db: "CNVD", id: "CNVD-2015-04323", trust: 0.6, }, { db: "BID", id: "75501", trust: 0.4, }, { db: "VULHUB", id: "VHN-82192", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04323", }, { db: "VULHUB", id: "VHN-82192", }, { db: "BID", id: "75501", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, { db: "NVD", id: "CVE-2015-4231", }, { db: "CNNVD", id: "CNNVD-201507-090", }, ], }, id: "VAR-201507-0519", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2015-04323", }, { db: "VULHUB", id: "VHN-82192", }, ], trust: 1.297479, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04323", }, ], }, last_update_date: "2023-12-18T13:24:45.560000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "39568", trust: 0.8, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=39568", }, { title: "Patch for Cisco Nexus 7000 Device Local Privilege Escalation Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/60498", }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04323", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-264", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-82192", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, { db: "NVD", id: "CVE-2015-4231", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=39568", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1032763", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4231", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4231", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/30254", }, { trust: 0.3, url: "http://www.cisco.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2015-04323", }, { db: "VULHUB", id: "VHN-82192", }, { db: "BID", id: "75501", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, { db: "NVD", id: "CVE-2015-4231", }, { db: "CNNVD", id: "CNNVD-201507-090", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2015-04323", }, { db: "VULHUB", id: "VHN-82192", }, { db: "BID", id: "75501", }, { db: "JVNDB", id: "JVNDB-2015-003466", }, { db: "NVD", id: "CVE-2015-4231", }, { db: "CNNVD", id: "CNNVD-201507-090", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-07-08T00:00:00", db: "CNVD", id: "CNVD-2015-04323", }, { date: "2015-07-03T00:00:00", db: "VULHUB", id: "VHN-82192", }, { date: "2015-07-01T00:00:00", db: "BID", id: "75501", }, { date: "2015-07-10T00:00:00", db: "JVNDB", id: "JVNDB-2015-003466", }, { date: "2015-07-03T10:59:00.077000", db: "NVD", id: "CVE-2015-4231", }, { date: "2015-07-06T00:00:00", db: "CNNVD", id: "CNNVD-201507-090", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-07-08T00:00:00", db: "CNVD", id: "CNVD-2015-04323", }, { date: "2016-12-28T00:00:00", db: "VULHUB", id: "VHN-82192", }, { date: "2015-07-01T00:00:00", db: "BID", id: "75501", }, { date: "2015-07-10T00:00:00", db: "JVNDB", id: "JVNDB-2015-003466", }, { date: "2016-12-28T17:40:54.013000", db: "NVD", id: "CVE-2015-4231", }, { date: "2015-07-10T00:00:00", db: "CNNVD", id: "CNNVD-201507-090", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "75501", }, { db: "CNNVD", id: "CNNVD-201507-090", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco Nexus 7000 Run on device Cisco NX-OS of Python Vulnerabilities that can bypass access restrictions in the interpreter", sources: [ { db: "JVNDB", id: "JVNDB-2015-003466", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control", sources: [ { db: "CNNVD", id: "CNNVD-201507-090", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.