Sign-up

ID

VAR-201307-0229


CVE

CVE-2013-3400


TITLE

Cisco Nexus 1000V Runs on the device Cisco NX-OS Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-003324

DESCRIPTION

The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Successful exploits may compromise the affected computer. This issue being tracked by Cisco Bug ID CSCuh30824

Trust: 2.52

sources: NVD: CVE-2013-3400 // JVNDB: JVNDB-2013-003324 // CNVD: CNVD-2013-09368 // BID: 61134 // VULHUB: VHN-63402

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-09368

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:nexus 1000vscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 1000v switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-os on nexus devicesscope:eqversion:1000v

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexus 4.2 sv1scope:eqversion:1000v

Trust: 0.3

sources: CNVD: CNVD-2013-09368 // BID: 61134 // JVNDB: JVNDB-2013-003324 // CNNVD: CNNVD-201307-211 // NVD: CVE-2013-3400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3400
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3400
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-09368
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201307-211
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63402
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3400
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-09368
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63402
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-09368 // VULHUB: VHN-63402 // JVNDB: JVNDB-2013-003324 // CNNVD: CNNVD-201307-211 // NVD: CVE-2013-3400

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-63402 // JVNDB: JVNDB-2013-003324 // NVD: CVE-2013-3400

THREAT TYPE

local

Trust: 0.9

sources: BID: 61134 // CNNVD: CNNVD-201307-211

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201307-211

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003324

PATCH
title:Cisco Nexus 1000V License Installation Command Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3400
Trust: 0.8
title:30000url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30000
Trust: 0.8
title:Patch for Cisco NX-OS on Nexus arbitrary command execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/35100
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-09368 // 
            
            
            
            JVNDB: JVNDB-2013-003324

EXTERNAL IDS
db:NVDid:CVE-2013-3400
Trust: 3.4
db:SECTRACKid:1028763
Trust: 1.1
db:JVNDBid:JVNDB-2013-003324
Trust: 0.8
db:CNNVDid:CNNVD-201307-211
Trust: 0.7
db:CNVDid:CNVD-2013-09368
Trust: 0.6
db:CISCOid:20130709 CISCO NEXUS 1000V LICENSE INSTALLATION COMMAND INJECTION VULNERABILITY
Trust: 0.6
db:BIDid:61134
Trust: 0.4
db:VULHUBid:VHN-63402
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-09368 // 
            
            
            
            VULHUB: VHN-63402 // 
            
            
            
            BID: 61134 // 
            
            
            
            JVNDB: JVNDB-2013-003324 // 
            
            
            
            CNNVD: CNNVD-201307-211 // 
            
            
            
            NVD: CVE-2013-3400

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3400
Trust: 2.6
url:http://www.securitytracker.com/id/1028763
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3400
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3400
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30000
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-09368 // 
            
            
            
            VULHUB: VHN-63402 // 
            
            
            
            BID: 61134 // 
            
            
            
            JVNDB: JVNDB-2013-003324 // 
            
            
            
            CNNVD: CNNVD-201307-211 // 
            
            
            
            NVD: CVE-2013-3400

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 61134

SOURCES
db:CNVDid:CNVD-2013-09368
db:VULHUBid:VHN-63402
db:BIDid:61134
db:JVNDBid:JVNDB-2013-003324
db:CNNVDid:CNNVD-201307-211
db:NVDid:CVE-2013-3400

LAST UPDATE DATE
2024-08-14T14:52:37.752000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-09368date:2013-07-15T00:00:00
db:VULHUBid:VHN-63402date:2013-08-20T00:00:00
db:BIDid:61134date:2013-07-09T00:00:00
db:JVNDBid:JVNDB-2013-003324date:2013-07-12T00:00:00
db:CNNVDid:CNNVD-201307-211date:2013-07-17T00:00:00
db:NVDid:CVE-2013-3400date:2013-08-20T03:23:32.347

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-09368date:2013-07-12T00:00:00
db:VULHUBid:VHN-63402date:2013-07-10T00:00:00
db:BIDid:61134date:2013-07-09T00:00:00
db:JVNDBid:JVNDB-2013-003324date:2013-07-12T00:00:00
db:CNNVDid:CNNVD-201307-211date:2013-07-17T00:00:00
db:NVDid:CVE-2013-3400date:2013-07-10T20:55:02.090