var-201507-0522
Vulnerability from variot
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. Cisco Nexus Run on device Cisco NX-OS Is root There is a vulnerability that can gain access. Nexus is Cisco's line of network switches designed for data centers. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Multiple Cisco products are prone to multiple local privilege escalation vulnerabilities. This issue is being tracked by Cisco Bug ID's CSCun02887, CSCur00115, and CSCur00127
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0522",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2\\(2\\)"
},
{
"model": "mds nx-os software",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "90006.2(2)"
},
{
"model": "mds nx-os software",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "90006.0(2)"
},
{
"model": "mds san-os software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "mds san-os software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0 (2)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2 (2)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75502"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-4234",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-04202",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-04579",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-82195",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4234",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04579",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-82195",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. Cisco Nexus Run on device Cisco NX-OS Is root There is a vulnerability that can gain access. Nexus is Cisco\u0027s line of network switches designed for data centers. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Multiple Cisco products are prone to multiple local privilege escalation vulnerabilities. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCun02887, CSCur00115, and CSCur00127",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "VULHUB",
"id": "VHN-82195"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4234",
"trust": 4.0
},
{
"db": "BID",
"id": "75502",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1032765",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04202",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-04579",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82195",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"id": "VAR-201507-0522",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
}
],
"trust": 1.976136375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
}
]
},
"last_update_date": "2023-12-18T12:20:48.621000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39571",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39571"
},
{
"title": "Patch for Cisco Nexus Device Python Subsystem Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60293"
},
{
"title": "Cisco NX-OS Python Scripting Engine root privilege to obtain vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60929"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39571"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75502"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032765"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4234"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4234"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-82195"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75502"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"date": "2015-07-03T10:59:02.217000",
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"date": "2015-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82195"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75502"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"date": "2016-12-28T17:07:37.900000",
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"date": "2015-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75502"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Nexus Run on device Cisco NX-OS In root Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.