Sign-up

ID

VAR-201305-0148


CVE

CVE-2013-1208


TITLE

Cisco Nexus 1000V Run on Cisco NX-OS Vulnerable to intercepting or modifying network traffic

Trust: 0.8

sources: JVNDB: JVNDB-2013-002850

DESCRIPTION

The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691. Vendors have confirmed this vulnerability Bug ID CSCud14691 It is released as.Network traffic may be intercepted or altered by third parties using access rights to Layer 2 or Layer 3. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Successful exploits will allow attackers to perform unauthorized actions and obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud14691

Trust: 2.52

sources: NVD: CVE-2013-1208 // JVNDB: JVNDB-2013-002850 // CNVD: CNVD-2013-06439 // BID: 60227 // VULHUB: VHN-61210

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-06439

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:nx-osscope: - version: -

Trust: 1.4

vendor:ciscomodel:nexus 1000v switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexusscope:eqversion:1000v

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:1000v0

Trust: 0.3

sources: CNVD: CNVD-2013-06439 // BID: 60227 // JVNDB: JVNDB-2013-002850 // CNNVD: CNNVD-201305-605 // NVD: CVE-2013-1208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1208
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1208
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-06439
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201305-605
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61210
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1208
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-06439
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-61210
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-06439 // VULHUB: VHN-61210 // JVNDB: JVNDB-2013-002850 // CNNVD: CNNVD-201305-605 // NVD: CVE-2013-1208

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-61210 // JVNDB: JVNDB-2013-002850 // NVD: CVE-2013-1208

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-605

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201305-605

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002850

PATCH
title:Cisco Nexus 1000V VSM/VEM Communication Encryption Issuesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1208
Trust: 0.8
title:29472url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29472
Trust: 0.8
title:Cisco Nexus 1000V VSM/VEM Communication Encryption Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/34392
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-06439 // 
            
            
            
            JVNDB: JVNDB-2013-002850

EXTERNAL IDS
db:NVDid:CVE-2013-1208
Trust: 3.4
db:JVNDBid:JVNDB-2013-002850
Trust: 0.8
db:CNNVDid:CNNVD-201305-605
Trust: 0.7
db:CNVDid:CNVD-2013-06439
Trust: 0.6
db:CISCOid:20130528 CISCO NEXUS 1000V VSM/VEM COMMUNICATION ENCRYPTION ISSUES
Trust: 0.6
db:BIDid:60227
Trust: 0.4
db:VULHUBid:VHN-61210
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-06439 // 
            
            
            
            VULHUB: VHN-61210 // 
            
            
            
            BID: 60227 // 
            
            
            
            JVNDB: JVNDB-2013-002850 // 
            
            
            
            CNNVD: CNNVD-201305-605 // 
            
            
            
            NVD: CVE-2013-1208

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1208
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1208
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1208
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps9902/tsd_products_support_series_home.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-06439 // 
            
            
            
            VULHUB: VHN-61210 // 
            
            
            
            BID: 60227 // 
            
            
            
            JVNDB: JVNDB-2013-002850 // 
            
            
            
            CNNVD: CNNVD-201305-605 // 
            
            
            
            NVD: CVE-2013-1208

CREDITS
Felix 'FX' Lindner, Recurity Labs GmbH
Trust: 0.3
sources:
            
            
            BID: 60227

SOURCES
db:CNVDid:CNVD-2013-06439
db:VULHUBid:VHN-61210
db:BIDid:60227
db:JVNDBid:JVNDB-2013-002850
db:CNNVDid:CNNVD-201305-605
db:NVDid:CVE-2013-1208

LAST UPDATE DATE
2024-08-14T14:58:20.039000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-06439date:2013-05-31T00:00:00
db:VULHUBid:VHN-61210date:2013-05-30T00:00:00
db:BIDid:60227date:2013-05-31T07:24:00
db:JVNDBid:JVNDB-2013-002850date:2013-05-31T00:00:00
db:CNNVDid:CNNVD-201305-605date:2013-05-30T00:00:00
db:NVDid:CVE-2013-1208date:2013-05-30T13:26:04.180

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-06439date:2013-05-31T00:00:00
db:VULHUBid:VHN-61210date:2013-05-29T00:00:00
db:BIDid:60227date:2013-05-30T00:00:00
db:JVNDBid:JVNDB-2013-002850date:2013-05-31T00:00:00
db:CNNVDid:CNNVD-201305-605date:2013-05-30T00:00:00
db:NVDid:CVE-2013-1208date:2013-05-29T19:55:00.973