Sign-up

ID

VAR-201310-0005


CVE

CVE-2012-4076


TITLE

Cisco NX-OS Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004650

DESCRIPTION

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. This issue is being tracked by Cisco bug IDs CSCtf23559 and CSCtf27780. The vulnerability is caused by the program not properly filtering parameters containing special characters

Trust: 2.52

sources: NVD: CVE-2012-4076 // JVNDB: JVNDB-2013-004650 // CNVD: CNVD-2013-13503 // BID: 62848 // VULHUB: VHN-57357

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13503

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:4.0(0)n1(1a) to 4.2(1)n1(1) (cisco nexus 5000 series )

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:4.1.(2) to 4.2(4) (cisco nexus 7000 series )

Trust: 0.8

vendor:ciscomodel:nx-os softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-13503 // BID: 62848 // JVNDB: JVNDB-2013-004650 // CNNVD: CNNVD-201310-277 // NVD: CVE-2012-4076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4076
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4076
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13503
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-277
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57357
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4076
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2012-4076
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-13503
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-57357
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13503 // VULHUB: VHN-57357 // JVNDB: JVNDB-2013-004650 // CNNVD: CNNVD-201310-277 // NVD: CVE-2012-4076

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-264

Trust: 0.8

sources: VULHUB: VHN-57357 // JVNDB: JVNDB-2013-004650 // NVD: CVE-2012-4076

THREAT TYPE

local

Trust: 0.9

sources: BID: 62848 // CNNVD: CNNVD-201310-277

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-277

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004650

PATCH
title:Cisco NX-OS Software Input Validation Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4076
Trust: 0.8
title:31142url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31142
Trust: 0.8
title:Patch for Cisco NX-OS Software Pipeline Local Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/40052
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13503 // 
            
            
            
            JVNDB: JVNDB-2013-004650

EXTERNAL IDS
db:NVDid:CVE-2012-4076
Trust: 3.4
db:BIDid:62848
Trust: 2.0
db:OSVDBid:98126
Trust: 1.1
db:SECUNIAid:55205
Trust: 1.1
db:JVNDBid:JVNDB-2013-004650
Trust: 0.8
db:CNNVDid:CNNVD-201310-277
Trust: 0.7
db:CNVDid:CNVD-2013-13503
Trust: 0.6
db:CISCOid:20131004 CISCO NX-OS SOFTWARE INPUT VALIDATION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-57357
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-13503 // 
            
            
            
            VULHUB: VHN-57357 // 
            
            
            
            BID: 62848 // 
            
            
            
            JVNDB: JVNDB-2013-004650 // 
            
            
            
            CNNVD: CNNVD-201310-277 // 
            
            
            
            NVD: CVE-2012-4076

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4076
Trust: 2.3
url:http://www.securityfocus.com/bid/62848
Trust: 1.1
url:http://osvdb.org/98126
Trust: 1.1
url:http://secunia.com/advisories/55205
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87678
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4076
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4076
Trust: 0.8
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=csctf23559
Trust: 0.6
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=csctf27780
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13503 // 
            
            
            
            VULHUB: VHN-57357 // 
            
            
            
            JVNDB: JVNDB-2013-004650 // 
            
            
            
            CNNVD: CNNVD-201310-277 // 
            
            
            
            NVD: CVE-2012-4076

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62848

SOURCES
db:CNVDid:CNVD-2013-13503
db:VULHUBid:VHN-57357
db:BIDid:62848
db:JVNDBid:JVNDB-2013-004650
db:CNNVDid:CNNVD-201310-277
db:NVDid:CVE-2012-4076

LAST UPDATE DATE
2024-08-14T13:58:11.201000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13503date:2013-10-10T00:00:00
db:VULHUBid:VHN-57357date:2017-08-29T00:00:00
db:BIDid:62848date:2013-10-04T00:00:00
db:JVNDBid:JVNDB-2013-004650date:2013-10-17T00:00:00
db:CNNVDid:CNNVD-201310-277date:2013-10-15T00:00:00
db:NVDid:CVE-2012-4076date:2017-08-29T01:32:09.337

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-13503date:2013-10-10T00:00:00
db:VULHUBid:VHN-57357date:2013-10-14T00:00:00
db:BIDid:62848date:2013-10-04T00:00:00
db:JVNDBid:JVNDB-2013-004650date:2013-10-17T00:00:00
db:CNNVDid:CNNVD-201310-277date:2013-10-15T00:00:00
db:NVDid:CVE-2012-4076date:2013-10-14T03:34:51.930