Details of VAR-201305-0149

ID

VAR-201305-0149

CVE

CVE-2013-1209

TITLE

Cisco Nexus 1000V Run on Cisco NX-OS Vulnerable to packet level encryption and integrity protection being disabled

Trust: 0.8

sources: JVNDB: JVNDB-2013-002851

DESCRIPTION

The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. And integrity protection. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions on the affected device. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCud14710. The vulnerability is caused by the program not properly validating VSM/VEM packets

Trust: 2.52

sources: NVD: CVE-2013-1209 // JVNDB: JVNDB-2013-002851 // CNVD: CNVD-2013-06437 // BID: 60224 // VULHUB: VHN-61211

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-06437

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	nexus 1000v switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus	scope:	eq	version:	1000v	Trust: 0.6

sources: CNVD: CNVD-2013-06437 // JVNDB: JVNDB-2013-002851 // CNNVD: CNNVD-201305-606 // NVD: CVE-2013-1209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1209
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1209
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-06437
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201305-606
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61211
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1209
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-06437
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61211
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-06437 // VULHUB: VHN-61211 // JVNDB: JVNDB-2013-002851 // CNNVD: CNNVD-201305-606 // NVD: CVE-2013-1209

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-61211 // JVNDB: JVNDB-2013-002851 // NVD: CVE-2013-1209

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-606

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201305-606

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002851

PATCH

title:	Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1209	Trust: 0.8
title:	29471	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29471	Trust: 0.8
title:	Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/34391	Trust: 0.6

sources: CNVD: CNVD-2013-06437 // JVNDB: JVNDB-2013-002851

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1209	Trust: 3.4
db:	JVNDB	id:	JVNDB-2013-002851	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-606	Trust: 0.7
db:	CNVD	id:	CNVD-2013-06437	Trust: 0.6
db:	CISCO	id:	20130528 CISCO NEXUS 1000V VSM/VEM COMMUNICATION ENCRYPTION BYPASS VULNERABILITY	Trust: 0.6
db:	BID	id:	60224	Trust: 0.4
db:	VULHUB	id:	VHN-61211	Trust: 0.1

sources: CNVD: CNVD-2013-06437 // VULHUB: VHN-61211 // BID: 60224 // JVNDB: JVNDB-2013-002851 // CNNVD: CNNVD-201305-606 // NVD: CVE-2013-1209

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1209	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1209	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1209	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2013-06437 // VULHUB: VHN-61211 // BID: 60224 // JVNDB: JVNDB-2013-002851 // CNNVD: CNNVD-201305-606 // NVD: CVE-2013-1209

CREDITS

Felix 'FX' Lindner, Recurity Labs GmbH

Trust: 0.3

sources: BID: 60224

SOURCES

db:	CNVD	id:	CNVD-2013-06437
db:	VULHUB	id:	VHN-61211
db:	BID	id:	60224
db:	JVNDB	id:	JVNDB-2013-002851
db:	CNNVD	id:	CNNVD-201305-606
db:	NVD	id:	CVE-2013-1209

LAST UPDATE DATE

2024-08-14T14:52:38.305000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-06437	date:	2013-05-31T00:00:00
db:	VULHUB	id:	VHN-61211	date:	2013-05-30T00:00:00
db:	BID	id:	60224	date:	2013-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-002851	date:	2013-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201305-606	date:	2013-05-31T00:00:00
db:	NVD	id:	CVE-2013-1209	date:	2013-05-30T13:30:37.170

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-06437	date:	2013-05-31T00:00:00
db:	VULHUB	id:	VHN-61211	date:	2013-05-29T00:00:00
db:	BID	id:	60224	date:	2013-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-002851	date:	2013-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201305-606	date:	2013-05-30T00:00:00
db:	NVD	id:	CVE-2013-1209	date:	2013-05-29T19:55:01.023