var-201507-0525
Vulnerability from variot
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. Vendors have confirmed this vulnerability Bug ID CSCuv08491 , CSCuv08443 , CSCuv08480 , CSCuv08448 , CSCuu99291 , CSCuv08434 ,and CSCuv08436 It is released as.By the local user, via a crafted character in the file name OS The command may be executed. Nexus is Cisco's line of network switches designed for data centers. The Cisco Nexus Operating System (NX-OS) CLI resolver has a security vulnerability that allows an authenticated local attacker to exploit this vulnerability for elevated privileges. This issue is being tracked by Cisco Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. The following releases are affected: Cisco NX-OS Release 4.1(2)E1(1), Release 6.2(11b), Release 6.2(12), Release 7.2(0)ZZ(99.1), Release 7.2(0)ZZ(99.3) , version 9.1(1)SV1(3.1.8)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0525",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.2\\(0\\)zz\\(99.3\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.2\\(0\\)zz\\(99.1\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2\\(11b\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2\\(12\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(2\\)e1\\(1\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1\\(1\\)sv1\\(3.1.8\\)"
},
{
"model": "mds 9700",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco mds 9000 nx-os 6.2 (11b))"
},
{
"model": "nexus 5696q switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 3524 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.2(0)zz(99.3)"
},
{
"model": "nexus 3016 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "mds 9500",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco mds 9000 nx-os 6.2 (11b))"
},
{
"model": "nexus 5548p switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1(2)e1(1)"
},
{
"model": "nexus 3048 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 9504 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 9508 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "mds 9140",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco mds 9000 nx-os 6.2 (11b))"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1(1)sv1(3.1.8) base"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.2(0)zz(99.1)"
},
{
"model": "nexus 3064 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 5648q switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "mds 9100 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco mds 9000 nx-os 6.2 (11b))"
},
{
"model": "nexus 3172 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 4001i switch module for ibm bladecenter",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 4.1(2)e1(1))"
},
{
"model": "nexus 9396px switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 1000v switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 9.1(1)sv1(3.1.8) base)"
},
{
"model": "nexus 7700 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 6.2(12))"
},
{
"model": "nexus 7000 series switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 6.2(12))"
},
{
"model": "nexus 9516 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 3164q switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 9336pq aci spini switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2(12)"
},
{
"model": "nexus 93128tx switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 5596t switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 3132q switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 5672up switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 3548 switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 5624q switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 93120tx switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 9332pq switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 9396tx switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 9372tx switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 56128p switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 9372px switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.3))"
},
{
"model": "nexus 5596up switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 5548up switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "nexus 3232c switch",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(cisco nx-os 7.2(0)zz(99.1))"
},
{
"model": "mds 9000 nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.2 (11b)"
},
{
"model": "nexus switch 9.1 sv1 base",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1000v"
},
{
"model": "nx-os software 7.2 zz",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os software 9. sv1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2(12)"
},
{
"model": "nx-os software 6.2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os software 4.1 e1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "nx-os for nexus series 7.2 zz",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
},
{
"model": "nx-os for nexus series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70006.2(12)"
},
{
"model": "nx-os for nexus series 7.2 zz",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "nx-os for nexus series 4.1 e1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4000"
},
{
"model": "nx-os for nexus series 7.2 zz",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3000"
},
{
"model": "nexus switch 9.1 sv1",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000v"
},
{
"model": "mds nx-os software 6.2",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "BID",
"id": "75528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.2\\(0\\)zz\\(99.3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.2\\(0\\)zz\\(99.1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.2\\(11b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:mds_9140:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:mds_9700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:mds_9500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:9.1\\(1\\)sv1\\(3.1.8\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.2\\(0\\)zz\\(99.1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.2\\(12\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:nx-os:4.1\\(2\\)e1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:nexus_4001i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4237"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75528"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-4237",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-04324",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-82198",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4237",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04324",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-093",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82198",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "VULHUB",
"id": "VHN-82198"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. Vendors have confirmed this vulnerability Bug ID CSCuv08491 , CSCuv08443 , CSCuv08480 , CSCuv08448 , CSCuu99291 , CSCuv08434 ,and CSCuv08436 It is released as.By the local user, via a crafted character in the file name OS The command may be executed. Nexus is Cisco\u0027s line of network switches designed for data centers. The Cisco Nexus Operating System (NX-OS) CLI resolver has a security vulnerability that allows an authenticated local attacker to exploit this vulnerability for elevated privileges. \nThis issue is being tracked by Cisco Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. The following releases are affected: Cisco NX-OS Release 4.1(2)E1(1), Release 6.2(11b), Release 6.2(12), Release 7.2(0)ZZ(99.1), Release 7.2(0)ZZ(99.3) , version 9.1(1)SV1(3.1.8)",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "BID",
"id": "75528"
},
{
"db": "VULHUB",
"id": "VHN-82198"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4237",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1032775",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-093",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "30265",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-04324",
"trust": 0.6
},
{
"db": "BID",
"id": "75528",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-82198",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "VULHUB",
"id": "VHN-82198"
},
{
"db": "BID",
"id": "75528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
]
},
"id": "VAR-201507-0525",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "VULHUB",
"id": "VHN-82198"
}
],
"trust": 1.52954545
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
}
]
},
"last_update_date": "2023-12-18T12:07:07.533000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39583",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39583"
},
{
"title": "Cisco Nexus Operating System Device Command Line Interface Local Privilege Escalation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60497"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82198"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"db": "NVD",
"id": "CVE-2015-4237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39583"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032775"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4237"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4237"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/30265"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "VULHUB",
"id": "VHN-82198"
},
{
"db": "BID",
"id": "75528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"db": "VULHUB",
"id": "VHN-82198"
},
{
"db": "BID",
"id": "75528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-82198"
},
{
"date": "2015-07-01T00:00:00",
"db": "BID",
"id": "75528"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"date": "2015-07-03T10:59:03.060000",
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"date": "2015-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04324"
},
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82198"
},
{
"date": "2015-07-01T00:00:00",
"db": "BID",
"id": "75528"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003469"
},
{
"date": "2016-12-28T17:07:15.240000",
"db": "NVD",
"id": "CVE-2015-4237"
},
{
"date": "2015-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75528"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Nexus Run on device Cisco NX-OS of CLI Any in the parser OS Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-093"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.