ID
VAR-201310-0014
CVE
CVE-2012-4141
TITLE
Cisco NX-OS 'file name' parameter arbitrary file write vulnerability
Trust: 0.9
sources:
CNVD: CNVD-2013-13505 //
BID: 62839
DESCRIPTION
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. Cisco NX-OS of CLI The parser contains a directory traversal vulnerability. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Cisco NX-OS is prone to an arbitrary file-write vulnerability. This may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCua71557 and CSCua71551
Trust: 2.61
sources:
NVD: CVE-2012-4141 //
JVNDB: JVNDB-2013-004524 //
CNVD: CNVD-2013-13505 //
BID: 62839 //
VULHUB: VHN-57422 //
VULMON: CVE-2012-4141
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2013-13505
AFFECTED PRODUCTS
| vendor: | cisco | model: | nx-os | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | nx-os software | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.2(1) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.1(1) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os 5.0 n2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0(3) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os 5.0 n1 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(6) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(4) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(3) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os 4.2 n2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | nx-os 4.1 n2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | nx-os 4.0 n2 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | nexus | scope: | eq | version: | 70000 | Trust: 0.3 |
| vendor: | cisco | model: | nexus | scope: | eq | version: | 50000 | Trust: 0.3 |
sources:
CNVD: CNVD-2013-13505 //
BID: 62839 //
JVNDB: JVNDB-2013-004524 //
CNNVD: CNNVD-201310-019 //
NVD: CVE-2012-4141
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2013-13505 //
VULHUB: VHN-57422 //
VULMON: CVE-2012-4141 //
JVNDB: JVNDB-2013-004524 //
CNNVD: CNNVD-201310-019 //
NVD: CVE-2012-4141
PROBLEMTYPE DATA
| problemtype: | CWE-264 | Trust: 1.9 |
sources:
VULHUB: VHN-57422 //
JVNDB: JVNDB-2013-004524 //
NVD: CVE-2012-4141
THREAT TYPE
local
Trust: 0.9
sources:
BID: 62839 //
CNNVD: CNNVD-201310-019
TYPE
permissions and access control
Trust: 0.6
sources:
CNNVD: CNNVD-201310-019
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-004524
PATCH
| title: | Cisco NX-OS Local Write Redirection Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4141 | Trust: 0.8 |
| title: | Cisco NX-OS 'file name' parameter patch for arbitrary file write vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/40046 | Trust: 0.6 |
| title: | Cisco: Cisco NX-OS Local Write Redirection Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20131008-CVE-2012-4141 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-13505 //
VULMON: CVE-2012-4141 //
JVNDB: JVNDB-2013-004524
EXTERNAL IDS
| db: | NVD | id: | CVE-2012-4141 | Trust: 3.5 |
| db: | BID | id: | 62839 | Trust: 2.1 |
| db: | SECTRACK | id: | 1029160 | Trust: 1.2 |
| db: | OSVDB | id: | 98122 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2013-004524 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201310-019 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2013-13505 | Trust: 0.6 |
| db: | CISCO | id: | 20131004 CISCO NX-OS LOCAL WRITE REDIRECTION VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-57422 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2012-4141 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-13505 //
VULHUB: VHN-57422 //
VULMON: CVE-2012-4141 //
BID: 62839 //
JVNDB: JVNDB-2013-004524 //
CNNVD: CNNVD-201310-019 //
NVD: CVE-2012-4141
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4141 | Trust: 2.4 |
| url: | http://www.securityfocus.com/bid/62839 | Trust: 1.2 |
| url: | http://osvdb.org/98122 | Trust: 1.2 |
| url: | http://www.securitytracker.com/id/1029160 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4141 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4141 | Trust: 0.8 |
| url: | http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscua71557 | Trust: 0.6 |
| url: | http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscua71551 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/264.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131008-cve-2012-4141 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-13505 //
VULHUB: VHN-57422 //
VULMON: CVE-2012-4141 //
JVNDB: JVNDB-2013-004524 //
CNNVD: CNNVD-201310-019 //
NVD: CVE-2012-4141
CREDITS
Cisco
Trust: 0.3
sources:
BID: 62839
SOURCES
| db: | CNVD | id: | CNVD-2013-13505 |
| db: | VULHUB | id: | VHN-57422 |
| db: | VULMON | id: | CVE-2012-4141 |
| db: | BID | id: | 62839 |
| db: | JVNDB | id: | JVNDB-2013-004524 |
| db: | CNNVD | id: | CNNVD-201310-019 |
| db: | NVD | id: | CVE-2012-4141 |
LAST UPDATE DATE
2024-08-14T14:58:14.812000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-13505 | date: | 2013-10-10T00:00:00 |
| db: | VULHUB | id: | VHN-57422 | date: | 2016-09-22T00:00:00 |
| db: | VULMON | id: | CVE-2012-4141 | date: | 2016-09-22T00:00:00 |
| db: | BID | id: | 62839 | date: | 2013-10-10T00:13:00 |
| db: | JVNDB | id: | JVNDB-2013-004524 | date: | 2013-10-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-019 | date: | 2013-10-08T00:00:00 |
| db: | NVD | id: | CVE-2012-4141 | date: | 2016-09-22T17:35:44.887 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-13505 | date: | 2013-10-10T00:00:00 |
| db: | VULHUB | id: | VHN-57422 | date: | 2013-10-05T00:00:00 |
| db: | VULMON | id: | CVE-2012-4141 | date: | 2013-10-05T00:00:00 |
| db: | BID | id: | 62839 | date: | 2013-10-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-004524 | date: | 2013-10-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-019 | date: | 2013-10-08T00:00:00 |
| db: | NVD | id: | CVE-2012-4141 | date: | 2013-10-05T10:55:03.417 |