Details of VAR-201310-0505

ID

VAR-201310-0505

CVE

CVE-2013-5522

TITLE

Catalyst 3750X Runs on the switch Cisco IOS Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004893

DESCRIPTION

Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. The Cisco Catalyst 3750 Series Switch is an innovative switch that increases LAN efficiency by combining industry-leading ease of use with the highest resiliency of stackable switches. Allows an attacker to exploit the vulnerability to gain full access to the affected device. This issue is tracked by Cisco Bug ID CSCue92286

Trust: 2.52

sources: NVD: CVE-2013-5522 // JVNDB: JVNDB-2013-004893 // CNVD: CNVD-2013-14084 // BID: 63342 // VULHUB: VHN-65524

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14084

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	catalyst 3750-x	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	catalyst 3750-x series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.0(2)se1	Trust: 0.8
vendor:	cisco	model:	catalyst series	scope:	eq	version:	3750	Trust: 0.6
vendor:	cisco	model:	ios 15.0se	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2013-14084 // BID: 63342 // JVNDB: JVNDB-2013-004893 // CNNVD: CNNVD-201310-613 // NVD: CVE-2013-5522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5522
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5522
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-14084
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-613
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65524
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5522
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14084
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65524
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14084 // VULHUB: VHN-65524 // JVNDB: JVNDB-2013-004893 // CNNVD: CNNVD-201310-613 // NVD: CVE-2013-5522

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65524 // JVNDB: JVNDB-2013-004893 // NVD: CVE-2013-5522

THREAT TYPE

local

Trust: 0.9

sources: BID: 63342 // CNNVD: CNNVD-201310-613

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-613

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004893

PATCH

title:	Cisco Catalyst 3750-X Series Switch Default Credentials Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5522	Trust: 0.8
title:	31496	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31496	Trust: 0.8
title:	Cisco Catalyst 3750 Series Switches Default Certificate Credentials Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/40543	Trust: 0.6

sources: CNVD: CNVD-2013-14084 // JVNDB: JVNDB-2013-004893

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5522	Trust: 3.4
db:	BID	id:	63342	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004893	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-613	Trust: 0.7
db:	CNVD	id:	CNVD-2013-14084	Trust: 0.6
db:	CISCO	id:	20131024 CISCO CATALYST 3750X DEFAULT CREDENTIALS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65524	Trust: 0.1

sources: CNVD: CNVD-2013-14084 // VULHUB: VHN-65524 // BID: 63342 // JVNDB: JVNDB-2013-004893 // CNNVD: CNNVD-201310-613 // NVD: CVE-2013-5522

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5522	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5522	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5522	Trust: 0.8
url:	http://www.cisco.com/en/us/products/hw/switches/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2013-14084 // VULHUB: VHN-65524 // BID: 63342 // JVNDB: JVNDB-2013-004893 // CNNVD: CNNVD-201310-613 // NVD: CVE-2013-5522

CREDITS

Cisco

Trust: 0.3

sources: BID: 63342

SOURCES

db:	CNVD	id:	CNVD-2013-14084
db:	VULHUB	id:	VHN-65524
db:	BID	id:	63342
db:	JVNDB	id:	JVNDB-2013-004893
db:	CNNVD	id:	CNNVD-201310-613
db:	NVD	id:	CVE-2013-5522

LAST UPDATE DATE

2024-11-23T22:31:22.230000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14084	date:	2013-10-28T00:00:00
db:	VULHUB	id:	VHN-65524	date:	2013-10-25T00:00:00
db:	BID	id:	63342	date:	2013-10-28T00:10:00
db:	JVNDB	id:	JVNDB-2013-004893	date:	2013-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201310-613	date:	2013-10-28T00:00:00
db:	NVD	id:	CVE-2013-5522	date:	2024-11-21T01:57:38.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14084	date:	2013-10-28T00:00:00
db:	VULHUB	id:	VHN-65524	date:	2013-10-25T00:00:00
db:	BID	id:	63342	date:	2013-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-004893	date:	2013-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201310-613	date:	2013-10-28T00:00:00
db:	NVD	id:	CVE-2013-5522	date:	2013-10-25T03:52:54.970