Details of VAR-201310-0006

ID

VAR-201310-0006

CVE

CVE-2012-4077

TITLE

Cisco NX-OS Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004651

DESCRIPTION

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. This issue is being tracked by Cisco bug IDs CSCtf25457 and CSCtf27651. An input validation vulnerability exists in Cisco NX-OS Software

Trust: 2.52

sources: NVD: CVE-2012-4077 // JVNDB: JVNDB-2013-004651 // CNVD: CNVD-2013-13502 // BID: 62849 // VULHUB: VHN-57358

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13502

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0(0)n1(1a) to 4.2(1)n1(1) (cisco nexus 5000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.(2) to 4.2(4) (cisco nexus 7000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(4)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(3)	Trust: 0.3
vendor:	cisco	model:	nx-os 4.0 n2	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2013-13502 // BID: 62849 // JVNDB: JVNDB-2013-004651 // CNNVD: CNNVD-201310-278 // NVD: CVE-2012-4077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4077
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4077
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-13502
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-278
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57358
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4077
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13502
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-57358
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13502 // VULHUB: VHN-57358 // JVNDB: JVNDB-2013-004651 // CNNVD: CNNVD-201310-278 // NVD: CVE-2012-4077

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-57358 // JVNDB: JVNDB-2013-004651 // NVD: CVE-2012-4077

THREAT TYPE

local

Trust: 0.9

sources: BID: 62849 // CNNVD: CNNVD-201310-278

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-278

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004651

PATCH

title:	Cisco NX-OS Software Input Validation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4077	Trust: 0.8
title:	31141	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31141	Trust: 0.8
title:	Cisco NX-OS Software Enter Patch to Verify Local Command Execution Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/40053	Trust: 0.6

sources: CNVD: CNVD-2013-13502 // JVNDB: JVNDB-2013-004651

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4077	Trust: 3.4
db:	BID	id:	62849	Trust: 2.0
db:	OSVDB	id:	98127	Trust: 1.1
db:	SECUNIA	id:	55191	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004651	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-278	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13502	Trust: 0.6
db:	CISCO	id:	20131004 CISCO NX-OS SOFTWARE INPUT VALIDATION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-57358	Trust: 0.1

sources: CNVD: CNVD-2013-13502 // VULHUB: VHN-57358 // BID: 62849 // JVNDB: JVNDB-2013-004651 // CNNVD: CNNVD-201310-278 // NVD: CVE-2012-4077

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4077	Trust: 2.3
url:	http://www.securityfocus.com/bid/62849	Trust: 1.1
url:	http://osvdb.org/98127	Trust: 1.1
url:	http://secunia.com/advisories/55191	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4077	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4077	Trust: 0.8
url:	http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=csctf25457	Trust: 0.6
url:	http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=csctf27651	Trust: 0.6

sources: CNVD: CNVD-2013-13502 // VULHUB: VHN-57358 // JVNDB: JVNDB-2013-004651 // CNNVD: CNNVD-201310-278 // NVD: CVE-2012-4077

CREDITS

Cisco

Trust: 0.3

sources: BID: 62849

SOURCES

db:	CNVD	id:	CNVD-2013-13502
db:	VULHUB	id:	VHN-57358
db:	BID	id:	62849
db:	JVNDB	id:	JVNDB-2013-004651
db:	CNNVD	id:	CNNVD-201310-278
db:	NVD	id:	CVE-2012-4077

LAST UPDATE DATE

2024-08-14T13:58:11.127000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13502	date:	2013-10-10T00:00:00
db:	VULHUB	id:	VHN-57358	date:	2016-09-23T00:00:00
db:	BID	id:	62849	date:	2013-10-10T06:43:00
db:	JVNDB	id:	JVNDB-2013-004651	date:	2013-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201310-278	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2012-4077	date:	2016-09-23T16:44:24.567

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13502	date:	2013-10-10T00:00:00
db:	VULHUB	id:	VHN-57358	date:	2013-10-14T00:00:00
db:	BID	id:	62849	date:	2013-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-004651	date:	2013-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201310-278	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2012-4077	date:	2013-10-14T03:34:54.963