Details of VAR-201310-0008

ID

VAR-201310-0008

CVE

CVE-2012-4090

TITLE

Nexus 7000 Runs on the device Cisco NX-OS Vulnerability in obtaining information on important configuration files

Trust: 0.8

sources: JVNDB: JVNDB-2013-004520

DESCRIPTION

The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Users who have the network-operator role can view the configuration file and get sensitive information because the configuration file is not properly filtered. This may result in further attacks. This issue is being tracked by Cisco Bug ID CSCti09089

Trust: 2.52

sources: NVD: CVE-2012-4090 // JVNDB: JVNDB-2013-004520 // CNVD: CNVD-2013-13506 // BID: 62841 // VULHUB: VHN-57371

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13506

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	nexus 7000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 9-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 18-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 18 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 9 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.(2) to 5.0.(5)	Trust: 0.8
vendor:	cisco	model:	nx-os software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(6)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(5)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(4)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1(4)	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	70000	Trust: 0.3

sources: CNVD: CNVD-2013-13506 // BID: 62841 // JVNDB: JVNDB-2013-004520 // CNNVD: CNNVD-201310-015 // NVD: CVE-2012-4090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4090
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4090
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-13506
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-015
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57371
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4090
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13506
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-57371
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13506 // VULHUB: VHN-57371 // JVNDB: JVNDB-2013-004520 // CNNVD: CNNVD-201310-015 // NVD: CVE-2012-4090

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-57371 // JVNDB: JVNDB-2013-004520 // NVD: CVE-2012-4090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-015

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004520

PATCH

title:	Cisco Nexus 7000 Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090	Trust: 0.8
title:	31137	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31137	Trust: 0.8
title:	Patch for the Cisco Nexus 7000 Series Switch NX-OS Remote Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40043	Trust: 0.6

sources: CNVD: CNVD-2013-13506 // JVNDB: JVNDB-2013-004520

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4090	Trust: 3.4
db:	BID	id:	62841	Trust: 2.0
db:	SECTRACK	id:	1029158	Trust: 1.1
db:	OSVDB	id:	98123	Trust: 1.1
db:	SECUNIA	id:	55206	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004520	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-015	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13506	Trust: 0.6
db:	CISCO	id:	20131004 CISCO NEXUS 7000 INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-57371	Trust: 0.1

sources: CNVD: CNVD-2013-13506 // VULHUB: VHN-57371 // BID: 62841 // JVNDB: JVNDB-2013-004520 // CNNVD: CNNVD-201310-015 // NVD: CVE-2012-4090

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4090	Trust: 2.3
url:	http://www.securityfocus.com/bid/62841	Trust: 1.1
url:	http://osvdb.org/98123	Trust: 1.1
url:	http://www.securitytracker.com/id/1029158	Trust: 1.1
url:	http://secunia.com/advisories/55206	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87670	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4090	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4090	Trust: 0.8
url:	http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscti09089	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2013-13506 // VULHUB: VHN-57371 // BID: 62841 // JVNDB: JVNDB-2013-004520 // CNNVD: CNNVD-201310-015 // NVD: CVE-2012-4090

CREDITS

Cisco

Trust: 0.3

sources: BID: 62841

SOURCES

db:	CNVD	id:	CNVD-2013-13506
db:	VULHUB	id:	VHN-57371
db:	BID	id:	62841
db:	JVNDB	id:	JVNDB-2013-004520
db:	CNNVD	id:	CNNVD-201310-015
db:	NVD	id:	CVE-2012-4090

LAST UPDATE DATE

2024-08-14T15:35:09.046000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13506	date:	2013-10-10T00:00:00
db:	VULHUB	id:	VHN-57371	date:	2017-08-29T00:00:00
db:	BID	id:	62841	date:	2013-10-09T01:06:00
db:	JVNDB	id:	JVNDB-2013-004520	date:	2013-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201310-015	date:	2013-10-08T00:00:00
db:	NVD	id:	CVE-2012-4090	date:	2017-08-29T01:32:09.900

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13506	date:	2013-10-10T00:00:00
db:	VULHUB	id:	VHN-57371	date:	2013-10-05T00:00:00
db:	BID	id:	62841	date:	2013-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-004520	date:	2013-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201310-015	date:	2013-10-08T00:00:00
db:	NVD	id:	CVE-2012-4090	date:	2013-10-05T10:55:03.307