Details of VAR-201301-0151

ID

VAR-201301-0151

CVE

CVE-2012-6396

TITLE

Cisco NX-OS on Nexus 7000 Remote Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 21781f34-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00459

DESCRIPTION

Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. There is a denial of service attack on the Cisco Nexus 7000. Allows authenticated attackers to consume large amounts of memory and system resources. This vulnerability is only triggered when a lower-density card replaces a higher-density line-card in the same slot. This issue is being tracked by Cisco Bug ID CSCud44300. Cisco NX-OS is vulnerable; other versions may also be affected

Trust: 2.7

sources: NVD: CVE-2012-6396 // JVNDB: JVNDB-2013-001220 // CNVD: CNVD-2013-00459 // BID: 57482 // IVD: 21781f34-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-59677

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 21781f34-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00459

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	nexus 7000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 18-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 9-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 18 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 9 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os on nexus series switches	scope:	eq	version:	7000	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	70000	Trust: 0.3
vendor:	nx os	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	nexus 7000	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	nexus 7000 10 slot	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	nexus 7000 18 slot	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	nexus 7000 9 slot	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 21781f34-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00459 // BID: 57482 // JVNDB: JVNDB-2013-001220 // CNNVD: CNNVD-201301-392 // NVD: CVE-2012-6396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-6396
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-6396
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201301-392
value:	MEDIUM
Trust: 0.6
IVD:	21781f34-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-59677
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-6396
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	21781f34-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-59677
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 21781f34-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-59677 // JVNDB: JVNDB-2013-001220 // CNNVD: CNNVD-201301-392 // NVD: CVE-2012-6396

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-59677 // JVNDB: JVNDB-2013-001220 // NVD: CVE-2012-6396

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-392

TYPE

Resource management error

Trust: 0.8

sources: IVD: 21781f34-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201301-392

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001220

PATCH

title:	CVE-2012-6396	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6396	Trust: 0.8
title:	Patch for Cisco NX-OS on Nexus 7000 Remote Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/30731	Trust: 0.6

sources: CNVD: CNVD-2013-00459 // JVNDB: JVNDB-2013-001220

EXTERNAL IDS

db:	NVD	id:	CVE-2012-6396	Trust: 3.6
db:	SECTRACK	id:	1028018	Trust: 1.1
db:	CNNVD	id:	CNNVD-201301-392	Trust: 0.9
db:	CNVD	id:	CNVD-2013-00459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-001220	Trust: 0.8
db:	CISCO	id:	20130110 CISCO NEXUS 7000 DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	BID	id:	57482	Trust: 0.4
db:	IVD	id:	21781F34-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-59677	Trust: 0.1

sources: IVD: 21781f34-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00459 // VULHUB: VHN-59677 // BID: 57482 // JVNDB: JVNDB-2013-001220 // CNNVD: CNNVD-201301-392 // NVD: CVE-2012-6396

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-6396	Trust: 2.6
url:	http://www.securitytracker.com/id/1028018	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6396	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6396	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html	Trust: 0.3

sources: CNVD: CNVD-2013-00459 // VULHUB: VHN-59677 // BID: 57482 // JVNDB: JVNDB-2013-001220 // CNNVD: CNNVD-201301-392 // NVD: CVE-2012-6396

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 57482

SOURCES

db:	IVD	id:	21781f34-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-00459
db:	VULHUB	id:	VHN-59677
db:	BID	id:	57482
db:	JVNDB	id:	JVNDB-2013-001220
db:	CNNVD	id:	CNNVD-201301-392
db:	NVD	id:	CVE-2012-6396

LAST UPDATE DATE

2024-11-23T23:02:52.799000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-00459	date:	2013-01-23T00:00:00
db:	VULHUB	id:	VHN-59677	date:	2013-02-02T00:00:00
db:	BID	id:	57482	date:	2013-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-001220	date:	2013-01-22T00:00:00
db:	CNNVD	id:	CNNVD-201301-392	date:	2013-01-23T00:00:00
db:	NVD	id:	CVE-2012-6396	date:	2024-11-21T01:46:05.167

SOURCES RELEASE DATE

db:	IVD	id:	21781f34-2353-11e6-abef-000c29c66e3d	date:	2013-01-23T00:00:00
db:	CNVD	id:	CNVD-2013-00459	date:	2013-01-23T00:00:00
db:	VULHUB	id:	VHN-59677	date:	2013-01-19T00:00:00
db:	BID	id:	57482	date:	2013-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-001220	date:	2013-01-22T00:00:00
db:	CNNVD	id:	CNNVD-201301-392	date:	2013-01-21T00:00:00
db:	NVD	id:	CVE-2012-6396	date:	2013-01-19T20:55:01.043