VAR-201507-0519
Vulnerability from variot - Updated: 2023-12-18 13:24The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. Vendors have confirmed this vulnerability Bug ID CSCur08416 It is released as.One local user VDC By using the administrator privileges of the VDC Files may be deleted. The Cisco Nexus 7000 Series Switches help create the network foundation platform required for next-generation unified array data centers. After the Cisco Nexus 7000 device is configured with multiple VDCs, there are multiple privilege escalation vulnerabilities in the Python scripting subsystem. Cisco NX-OS Software for Nexus 7000 Series is prone to a local privilege-escalation vulnerability. This could result in a denial of service (DoS) condition on the affected device. This issue is being tracked by Cisco Bug ID CSCur08416
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0519",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2\\(8a\\)"
},
{
"model": "nexus 7000 series switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 7700 switch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2(8a)"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7000"
},
{
"model": "nx-os software for nexus series 6.2",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "BID",
"id": "75501"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.2\\(8a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4231"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jens Krabbenhoeft",
"sources": [
{
"db": "BID",
"id": "75501"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4231",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-4231",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-04323",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-82192",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4231",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-04323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-090",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-82192",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "VULHUB",
"id": "VHN-82192"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC\u0027s files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. Vendors have confirmed this vulnerability Bug ID CSCur08416 It is released as.One local user VDC By using the administrator privileges of the VDC Files may be deleted. The Cisco Nexus 7000 Series Switches help create the network foundation platform required for next-generation unified array data centers. After the Cisco Nexus 7000 device is configured with multiple VDCs, there are multiple privilege escalation vulnerabilities in the Python scripting subsystem. Cisco NX-OS Software for Nexus 7000 Series is prone to a local privilege-escalation vulnerability. This could result in a denial of service (DoS) condition on the affected device. \nThis issue is being tracked by Cisco Bug ID CSCur08416",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "BID",
"id": "75501"
},
{
"db": "VULHUB",
"id": "VHN-82192"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4231",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032763",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-090",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "30254",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-04323",
"trust": 0.6
},
{
"db": "BID",
"id": "75501",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-82192",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "VULHUB",
"id": "VHN-82192"
},
{
"db": "BID",
"id": "75501"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
]
},
"id": "VAR-201507-0519",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "VULHUB",
"id": "VHN-82192"
}
],
"trust": 1.297479
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
}
]
},
"last_update_date": "2023-12-18T13:24:45.560000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39568",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39568"
},
{
"title": "Patch for Cisco Nexus 7000 Device Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60498"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82192"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"db": "NVD",
"id": "CVE-2015-4231"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39568"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032763"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4231"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4231"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/30254"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "VULHUB",
"id": "VHN-82192"
},
{
"db": "BID",
"id": "75501"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"db": "VULHUB",
"id": "VHN-82192"
},
{
"db": "BID",
"id": "75501"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-82192"
},
{
"date": "2015-07-01T00:00:00",
"db": "BID",
"id": "75501"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"date": "2015-07-03T10:59:00.077000",
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"date": "2015-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04323"
},
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82192"
},
{
"date": "2015-07-01T00:00:00",
"db": "BID",
"id": "75501"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003466"
},
{
"date": "2016-12-28T17:40:54.013000",
"db": "NVD",
"id": "CVE-2015-4231"
},
{
"date": "2015-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75501"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Nexus 7000 Run on device Cisco NX-OS of Python Vulnerabilities that can bypass access restrictions in the interpreter",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-090"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…