Details of VAR-201205-0284

ID

VAR-201205-0284

CVE

CVE-2011-4023

TITLE

Nexus Runs on the switch Cisco NX-OS of libcmd Service disruption in ( Memory consumption ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-002227

DESCRIPTION

Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682. NX-OS is prone to a denial-of-service vulnerability. Cisco NX-OS is a data center-oriented operating system developed by Cisco

Trust: 1.98

sources: NVD: CVE-2011-4023 // JVNDB: JVNDB-2012-002227 // BID: 78395 // VULHUB: VHN-51968

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0	Trust: 2.1
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(5\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1c\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1b\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os 5.0 n2	scope:	-	version:	-	Trust: 1.5
vendor:	cisco	model:	nexus 5020p switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nexus 5010p switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nexus 2248tp fex switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nexus 2248tp e fex switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nexus 2232tm fex switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nexus 2232pp fex switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nexus 2224tp fex switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nexus 2148t fex switch	scope:	eq	version:	-	Trust: 1.3
vendor:	cisco	model:	nx-os 5.0 n1	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2b\)	Trust: 1.0
vendor:	cisco	model:	nexus 5548p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nexus 5596up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5548up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 2148t fex switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 2224tp fex switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 2232pp fex switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 2232tm fex switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 2248tp e fex switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 2248tp fex switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5010 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5020 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5548p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5548up switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5596up switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(5)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(2)	Trust: 0.3
vendor:	cisco	model:	nexus 5596up switch	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	nexus 5548up switch	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	nexus 5548p switch	scope:	eq	version:	-	Trust: 0.3

sources: BID: 78395 // JVNDB: JVNDB-2012-002227 // CNNVD: CNNVD-201205-068 // NVD: CVE-2011-4023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4023
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-4023
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201205-068
value:	HIGH
Trust: 0.6
VULHUB:	VHN-51968
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-4023
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-51968
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51968 // JVNDB: JVNDB-2012-002227 // CNNVD: CNNVD-201205-068 // NVD: CVE-2011-4023

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-51968 // JVNDB: JVNDB-2012-002227 // NVD: CVE-2011-4023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-068

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201205-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002227

PATCH

title:

Cisco Nexus 5000 Series and Cisco Nexus 2000 Series Release Notes for Cisco NX-OS Release

url:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-002227

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4023	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-002227	Trust: 0.8
db:	CNNVD	id:	CNNVD-201205-068	Trust: 0.7
db:	BID	id:	78395	Trust: 0.4
db:	VULHUB	id:	VHN-51968	Trust: 0.1

sources: VULHUB: VHN-51968 // BID: 78395 // JVNDB: JVNDB-2012-002227 // CNNVD: CNNVD-201205-068 // NVD: CVE-2011-4023

REFERENCES

url:	http://www.cisco.com/en/us/docs/switches/datacenter/nexus5000/sw/release/notes/rel_5_0_3_n2_1/nexus5000_release_notes_5_0_3_n2.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4023	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4023	Trust: 0.8

sources: VULHUB: VHN-51968 // BID: 78395 // JVNDB: JVNDB-2012-002227 // CNNVD: CNNVD-201205-068 // NVD: CVE-2011-4023

CREDITS

Unknown

Trust: 0.3

sources: BID: 78395

SOURCES

db:	VULHUB	id:	VHN-51968
db:	BID	id:	78395
db:	JVNDB	id:	JVNDB-2012-002227
db:	CNNVD	id:	CNNVD-201205-068
db:	NVD	id:	CVE-2011-4023

LAST UPDATE DATE

2024-11-23T22:59:50.631000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51968	date:	2018-10-30T00:00:00
db:	BID	id:	78395	date:	2012-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2012-002227	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-068	date:	2012-05-04T00:00:00
db:	NVD	id:	CVE-2011-4023	date:	2024-11-21T01:31:42.820

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51968	date:	2012-05-03T00:00:00
db:	BID	id:	78395	date:	2012-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2012-002227	date:	2012-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201205-068	date:	2012-05-04T00:00:00
db:	NVD	id:	CVE-2011-4023	date:	2012-05-03T10:11:39.640