ID

VAR-201305-0152


CVE

CVE-2013-1212


TITLE

Server impersonation vulnerability in Cisco NX-OS running on the Cisco Nexus 1000V

Trust: 0.8

sources: JVNDB: JVNDB-2013-002854

DESCRIPTION

The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. The Cisco Nexus Series switches are data center switches. They use the Cisco Nexus OS operating system. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud14837. Cisco NX-OS is a set of operating systems for data centers from the American company Cisco.

Trust: 2.61

sources: NVD: CVE-2013-1212 // JVNDB: JVNDB-2013-002854 // CNVD: CNVD-2013-06429 // BID: 60225 // VULHUB: VHN-61214 // VULMON: CVE-2013-1212

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-06429

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 1.4

vendor: cisco, model: nexus 1000v, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: nexus 1000v switch, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus, scope: eq, version: 1000v

Trust: 0.6

vendor: cisco, model: nexus, scope: eq, version: 1000v0

Trust: 0.3

sources: CNVD: CNVD-2013-06429 // BID: 60225 // JVNDB: JVNDB-2013-002854 // CNNVD: CNNVD-201305-609 // NVD: CVE-2013-1212

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1212
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1212
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-06429
value: LOW

Trust: 0.6

CNNVD: CNNVD-201305-609
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61214
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-1212
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1212
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2013-06429
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-61214
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-06429 // VULHUB: VHN-61214 // VULMON: CVE-2013-1212 // JVNDB: JVNDB-2013-002854 // CNNVD: CNNVD-201305-609 // NVD: CVE-2013-1212

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-61214 // JVNDB: JVNDB-2013-002854 // NVD: CVE-2013-1212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-609

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201305-609

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002854

PATCH

title: Cisco Nexus 1000V VSM to vCenter Communication Man-in-the-Middle Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1212

Trust: 0.8

title: 29474, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=29474

Trust: 0.8

title: Patch for Cisco Nexus 1000V VSM to vCenter Communication Man-in-the-Middle Attack Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/34387

Trust: 0.6

sources: CNVD: CNVD-2013-06429 // JVNDB: JVNDB-2013-002854

EXTERNAL IDS

db: NVD, id: CVE-2013-1212

Trust: 3.5

db: JVNDB, id: JVNDB-2013-002854

Trust: 0.8

db: CNNVD, id: CNNVD-201305-609

Trust: 0.7

db: CNVD, id: CNVD-2013-06429

Trust: 0.6

db: CISCO, id: 20130528 CISCO NEXUS 1000V VSM TO VCENTER COMMUNICATION MAN-IN-THE-MIDDLE VULNERABILITY

Trust: 0.6

db: BID, id: 60225

Trust: 0.4

db: VULHUB, id: VHN-61214

Trust: 0.1

db: VULMON, id: CVE-2013-1212

Trust: 0.1

sources: CNVD: CNVD-2013-06429 // VULHUB: VHN-61214 // VULMON: CVE-2013-1212 // BID: 60225 // JVNDB: JVNDB-2013-002854 // CNNVD: CNNVD-201305-609 // NVD: CVE-2013-1212

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1212

Trust: 2.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1212

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1212

Trust: 0.8

url: http://www.cisco.com/en/us/products/ps9902/tsd_products_support_series_home.html

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/310.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2013-06429 // VULHUB: VHN-61214 // VULMON: CVE-2013-1212 // BID: 60225 // JVNDB: JVNDB-2013-002854 // CNNVD: CNNVD-201305-609 // NVD: CVE-2013-1212

CREDITS

Felix 'FX' Lindner, Recurity Labs GmbH

Trust: 0.3

sources: BID: 60225

SOURCES

db: CNVD, id: CNVD-2013-06429
db: VULHUB, id: VHN-61214
db: VULMON, id: CVE-2013-1212
db: BID, id: 60225
db: JVNDB, id: JVNDB-2013-002854
db: CNNVD, id: CNNVD-201305-609
db: NVD, id: CVE-2013-1212

LAST UPDATE DATE

2024-08-14T15:35:13.622000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-06429, date: 2013-05-31T00:00:00
db: VULHUB, id: VHN-61214, date: 2013-06-11T00:00:00
db: VULMON, id: CVE-2013-1212, date: 2013-06-11T00:00:00
db: BID, id: 60225, date: 2013-05-31T07:24:00
db: JVNDB, id: JVNDB-2013-002854, date: 2013-06-13T00:00:00
db: CNNVD, id: CNNVD-201305-609, date: 2013-05-30T00:00:00
db: NVD, id: CVE-2013-1212, date: 2013-06-11T04:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-06429, date: 2013-05-31T00:00:00
db: VULHUB, id: VHN-61214, date: 2013-05-29T00:00:00
db: VULMON, id: CVE-2013-1212, date: 2013-05-29T00:00:00
db: BID, id: 60225, date: 2013-05-30T00:00:00
db: JVNDB, id: JVNDB-2013-002854, date: 2013-05-31T00:00:00
db: CNNVD, id: CNNVD-201305-609, date: 2013-05-30T00:00:00
db: NVD, id: CVE-2013-1212, date: 2013-05-29T19:55:01.087