Sign-up

ID

VAR-201310-0034


CVE

CVE-2012-4122


TITLE

Cisco NX-OS of CLI Vulnerabilities that can bypass access restrictions in parsers

Trust: 0.8

sources: JVNDB: JVNDB-2013-004523

DESCRIPTION

The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. An attacker can exploit this issue to create or overwrite arbitrary files on the affected device. This may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCts56672 and CSCts56669

Trust: 2.52

sources: NVD: CVE-2012-4122 // JVNDB: JVNDB-2013-004523 // CNVD: CNVD-2013-13501 // BID: 62843 // VULHUB: VHN-57403

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13501

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-os softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:5.2(1)

Trust: 0.3

vendor:ciscomodel:nx-os 5.1 n1scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:5.1(1)

Trust: 0.3

vendor:ciscomodel:nx-os 5.0 n2scope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:5.0(3)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(6)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(4)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:4.2(3)

Trust: 0.3

vendor:ciscomodel:nx-osscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:70000

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:50000

Trust: 0.3

sources: CNVD: CNVD-2013-13501 // BID: 62843 // JVNDB: JVNDB-2013-004523 // CNNVD: CNNVD-201310-018 // NVD: CVE-2012-4122

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4122
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4122
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-13501
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-018
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57403
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4122
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:L/AU:S/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13501
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-57403
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:L/AU:S/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13501 // VULHUB: VHN-57403 // JVNDB: JVNDB-2013-004523 // CNNVD: CNNVD-201310-018 // NVD: CVE-2012-4122

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-57403 // JVNDB: JVNDB-2013-004523 // NVD: CVE-2012-4122

THREAT TYPE

local

Trust: 0.9

sources: BID: 62843 // CNNVD: CNNVD-201310-018

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-018

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004523

PATCH
title:Cisco NX-OS Software Input Validation Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4122
Trust: 0.8
title:The Cisco NX-OS Software CLI parser creates a patch that covers the vulnerability in any file.url:https://www.cnvd.org.cn/patchInfo/show/40059
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13501 // 
            
            
            
            JVNDB: JVNDB-2013-004523

EXTERNAL IDS
db:NVDid:CVE-2012-4122
Trust: 3.4
db:BIDid:62843
Trust: 2.0
db:OSVDBid:98121
Trust: 1.1
db:JVNDBid:JVNDB-2013-004523
Trust: 0.8
db:CNNVDid:CNNVD-201310-018
Trust: 0.7
db:CNVDid:CNVD-2013-13501
Trust: 0.6
db:CISCOid:20131004 CISCO NX-OS SOFTWARE INPUT VALIDATION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-57403
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-13501 // 
            
            
            
            VULHUB: VHN-57403 // 
            
            
            
            BID: 62843 // 
            
            
            
            JVNDB: JVNDB-2013-004523 // 
            
            
            
            CNNVD: CNNVD-201310-018 // 
            
            
            
            NVD: CVE-2012-4122

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4122
Trust: 2.3
url:http://www.securityfocus.com/bid/62843
Trust: 1.1
url:http://osvdb.org/98121
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87672
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4122
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4122
Trust: 0.8
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscts56672
Trust: 0.6
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscts56669
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-13501 // 
            
            
            
            VULHUB: VHN-57403 // 
            
            
            
            JVNDB: JVNDB-2013-004523 // 
            
            
            
            CNNVD: CNNVD-201310-018 // 
            
            
            
            NVD: CVE-2012-4122

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62843

SOURCES
db:CNVDid:CNVD-2013-13501
db:VULHUBid:VHN-57403
db:BIDid:62843
db:JVNDBid:JVNDB-2013-004523
db:CNNVDid:CNNVD-201310-018
db:NVDid:CVE-2012-4122

LAST UPDATE DATE
2024-08-14T13:58:11.091000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13501date:2013-10-10T00:00:00
db:VULHUBid:VHN-57403date:2017-08-29T00:00:00
db:BIDid:62843date:2013-10-10T17:04:00
db:JVNDBid:JVNDB-2013-004523date:2013-10-08T00:00:00
db:CNNVDid:CNNVD-201310-018date:2013-10-08T00:00:00
db:NVDid:CVE-2012-4122date:2017-08-29T01:32:10.167

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-13501date:2013-10-10T00:00:00
db:VULHUBid:VHN-57403date:2013-10-05T00:00:00
db:BIDid:62843date:2013-10-04T00:00:00
db:JVNDBid:JVNDB-2013-004523date:2013-10-08T00:00:00
db:CNNVDid:CNNVD-201310-018date:2013-10-08T00:00:00
db:NVDid:CVE-2012-4122date:2013-10-05T10:55:03.400