Sign-up

ID

VAR-201310-0004


CVE

CVE-2012-4075


TITLE

Cisco NX-OS Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004519

DESCRIPTION

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Cisco NX-OS is prone to a local arbitrary command-execution vulnerability. This issue is being tracked by Cisco bug IDs CSCtf19827 and CSCtf27788. An arbitrary code execution vulnerability exists in Cisco NX-OS Software due to the program's improper handling of parameters containing special characters

Trust: 2.52

sources: NVD: CVE-2012-4075 // JVNDB: JVNDB-2013-004519 // CNVD: CNVD-2013-13504 // BID: 62837 // VULHUB: VHN-57356

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13504

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-os softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:4.2(4)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(3)

Trust: 0.3

vendor:ciscomodel:nx-os 4.1 n2scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-os 4.0 n2scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:70000

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:50000

Trust: 0.3

sources: CNVD: CNVD-2013-13504 // BID: 62837 // JVNDB: JVNDB-2013-004519 // CNNVD: CNNVD-201310-013 // NVD: CVE-2012-4075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4075
value: HIGH

Trust: 1.0

NVD: CVE-2012-4075
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13504
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-013
value: HIGH

Trust: 0.6

VULHUB: VHN-57356
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4075
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13504
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-57356
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13504 // VULHUB: VHN-57356 // JVNDB: JVNDB-2013-004519 // CNNVD: CNNVD-201310-013 // NVD: CVE-2012-4075

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-57356 // JVNDB: JVNDB-2013-004519 // NVD: CVE-2012-4075

THREAT TYPE

local

Trust: 0.9

sources: BID: 62837 // CNNVD: CNNVD-201310-013

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201310-013

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004519

PATCH
title:Cisco NX-OS Software Arbitrary Code Execution Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4075
Trust: 0.8
title:Patch for Cisco NX-OS Software Back Quote Local Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/40051
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13504 // 
            
            
            
            JVNDB: JVNDB-2013-004519

EXTERNAL IDS
db:NVDid:CVE-2012-4075
Trust: 3.4
db:BIDid:62837
Trust: 2.0
db:SECUNIAid:55196
Trust: 1.1
db:JVNDBid:JVNDB-2013-004519
Trust: 0.8
db:CNNVDid:CNNVD-201310-013
Trust: 0.7
db:CNVDid:CNVD-2013-13504
Trust: 0.6
db:CISCOid:20131004 CISCO NX-OS SOFTWARE ARBITRARY CODE EXECUTION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-57356
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-13504 // 
            
            
            
            VULHUB: VHN-57356 // 
            
            
            
            BID: 62837 // 
            
            
            
            JVNDB: JVNDB-2013-004519 // 
            
            
            
            CNNVD: CNNVD-201310-013 // 
            
            
            
            NVD: CVE-2012-4075

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4075
Trust: 2.3
url:http://www.securityfocus.com/bid/62837
Trust: 1.1
url:http://secunia.com/advisories/55196
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87668
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4075
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4075
Trust: 0.8
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=csctf19827
Trust: 0.6
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=csctf27788
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13504 // 
            
            
            
            VULHUB: VHN-57356 // 
            
            
            
            JVNDB: JVNDB-2013-004519 // 
            
            
            
            CNNVD: CNNVD-201310-013 // 
            
            
            
            NVD: CVE-2012-4075

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62837

SOURCES
db:CNVDid:CNVD-2013-13504
db:VULHUBid:VHN-57356
db:BIDid:62837
db:JVNDBid:JVNDB-2013-004519
db:CNNVDid:CNNVD-201310-013
db:NVDid:CVE-2012-4075

LAST UPDATE DATE
2024-08-14T14:34:17.170000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13504date:2013-10-10T00:00:00
db:VULHUBid:VHN-57356date:2017-08-29T00:00:00
db:BIDid:62837date:2013-10-10T17:14:00
db:JVNDBid:JVNDB-2013-004519date:2013-10-08T00:00:00
db:CNNVDid:CNNVD-201310-013date:2013-10-08T00:00:00
db:NVDid:CVE-2012-4075date:2017-08-29T01:32:09.277

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-13504date:2013-10-10T00:00:00
db:VULHUBid:VHN-57356date:2013-10-05T00:00:00
db:BIDid:62837date:2013-10-04T00:00:00
db:JVNDBid:JVNDB-2013-004519date:2013-10-08T00:00:00
db:CNNVDid:CNNVD-201310-013date:2013-10-08T00:00:00
db:NVDid:CVE-2012-4075date:2013-10-05T10:55:03.277