VAR-201507-0522
Vulnerability from variot - Updated: 2023-12-18 12:20Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. Cisco Nexus Run on device Cisco NX-OS Is root There is a vulnerability that can gain access. Nexus is Cisco's line of network switches designed for data centers. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Multiple Cisco products are prone to multiple local privilege escalation vulnerabilities. This issue is being tracked by Cisco Bug ID's CSCun02887, CSCur00115, and CSCur00127
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0522",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0\\(2\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2\\(2\\)"
},
{
"model": "mds nx-os software",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "90006.2(2)"
},
{
"model": "mds nx-os software",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "90006.0(2)"
},
{
"model": "mds san-os software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "6.0(2)"
},
{
"model": "mds san-os software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "6.2(2)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0 (2)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2 (2)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75502"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-4234",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-04202",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-04579",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-82195",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4234",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04579",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-82195",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. Cisco Nexus Run on device Cisco NX-OS Is root There is a vulnerability that can gain access. Nexus is Cisco\u0027s line of network switches designed for data centers. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Multiple Cisco products are prone to multiple local privilege escalation vulnerabilities. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCun02887, CSCur00115, and CSCur00127",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "VULHUB",
"id": "VHN-82195"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4234",
"trust": 4.0
},
{
"db": "BID",
"id": "75502",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1032765",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04202",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-04579",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82195",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"id": "VAR-201507-0522",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
}
],
"trust": 1.976136375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
}
]
},
"last_update_date": "2023-12-18T12:20:48.621000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39571",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39571"
},
{
"title": "Patch for Cisco Nexus Device Python Subsystem Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60293"
},
{
"title": "Cisco NX-OS Python Scripting Engine root privilege to obtain vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60929"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39571"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75502"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032765"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4234"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4234"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"db": "VULHUB",
"id": "VHN-82195"
},
{
"db": "BID",
"id": "75502"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-82195"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75502"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"date": "2015-07-03T10:59:02.217000",
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"date": "2015-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04202"
},
{
"date": "2015-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04579"
},
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82195"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75502"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003468"
},
{
"date": "2016-12-28T17:07:37.900000",
"db": "NVD",
"id": "CVE-2015-4234"
},
{
"date": "2015-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75502"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Nexus Run on device Cisco NX-OS In root Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003468"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-092"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…