Details of VAR-201312-0019

ID

VAR-201312-0019

CVE

CVE-2012-4135

TITLE

Cisco NX-OS of filesys Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2013-005659

DESCRIPTION

Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. Cisco NX-OS of filesys Contains a directory traversal vulnerability. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Cisco NX-OS is prone to a local arbitrary file-access vulnerability because it fails to sanitize user-supplied input. Local attackers can exploit this issue to delete arbitrary files using directory-traversal strings. This may lead to further attacks. This issue is being tracked by Cisco Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. The vulnerability is caused by the program not adequately filtering the input submitted by the user

Trust: 2.52

sources: NVD: CVE-2012-4135 // JVNDB: JVNDB-2013-005659 // CNVD: CNVD-2013-15444 // BID: 64450 // VULHUB: VHN-57416

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-15444

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(8\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n2\(1a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2.\(2a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)sv1\(5.1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(1d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(6\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)sv1\(4a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lte	version:	6.1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(9\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(3a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)sv1\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(0\)n1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u5\(1e\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(0\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(6\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u2\(2b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(0\)n1\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(1a\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u4\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(3\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.0\(4\)sv1\(3d\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)u3\(2b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(7\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lte	version:	6.1(2)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(2\)	Trust: 0.6

sources: CNVD: CNVD-2013-15444 // JVNDB: JVNDB-2013-005659 // CNNVD: CNNVD-201312-432 // NVD: CVE-2012-4135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4135
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4135
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-15444
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201312-432
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57416
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4135
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-15444
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-57416
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:N/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-15444 // VULHUB: VHN-57416 // JVNDB: JVNDB-2013-005659 // CNNVD: CNNVD-201312-432 // NVD: CVE-2012-4135

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-57416 // JVNDB: JVNDB-2013-005659 // NVD: CVE-2012-4135

THREAT TYPE

local

Trust: 0.9

sources: BID: 64450 // CNNVD: CNNVD-201312-432

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201312-432

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005659

PATCH

title:	Cisco NX-OS Directory Traversal Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4135	Trust: 0.8
title:	32237	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32237	Trust: 0.8
title:	Patch for Cisco NX-OS CLI Local Arbitrary File Access Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/41893	Trust: 0.6

sources: CNVD: CNVD-2013-15444 // JVNDB: JVNDB-2013-005659

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4135	Trust: 3.4
db:	BID	id:	64450	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-005659	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-432	Trust: 0.7
db:	CNVD	id:	CNVD-2013-15444	Trust: 0.6
db:	CISCO	id:	20131219 CISCO NX-OS DIRECTORY TRAVERSAL VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-57416	Trust: 0.1

sources: CNVD: CNVD-2013-15444 // VULHUB: VHN-57416 // BID: 64450 // JVNDB: JVNDB-2013-005659 // CNNVD: CNNVD-201312-432 // NVD: CVE-2012-4135

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4135	Trust: 2.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32237	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4135	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4135	Trust: 0.8
url:	https://tools.cisco.com/bugsearch/bug/cscty07270	Trust: 0.6
url:	https://tools.cisco.com/bugsearch/bug/cscty07271	Trust: 0.6
url:	https://tools.cisco.com/bugsearch/bug/cscty07273	Trust: 0.6
url:	https://tools.cisco.com/bugsearch/bug/cscty07275	Trust: 0.6

sources: CNVD: CNVD-2013-15444 // VULHUB: VHN-57416 // JVNDB: JVNDB-2013-005659 // CNNVD: CNNVD-201312-432 // NVD: CVE-2012-4135

CREDITS

Cisco

Trust: 0.3

sources: BID: 64450

SOURCES

db:	CNVD	id:	CNVD-2013-15444
db:	VULHUB	id:	VHN-57416
db:	BID	id:	64450
db:	JVNDB	id:	JVNDB-2013-005659
db:	CNNVD	id:	CNNVD-201312-432
db:	NVD	id:	CVE-2012-4135

LAST UPDATE DATE

2024-08-14T14:14:18.895000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-15444	date:	2013-12-20T00:00:00
db:	VULHUB	id:	VHN-57416	date:	2013-12-23T00:00:00
db:	BID	id:	64450	date:	2013-12-23T00:18:00
db:	JVNDB	id:	JVNDB-2013-005659	date:	2013-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201312-432	date:	2013-12-23T00:00:00
db:	NVD	id:	CVE-2012-4135	date:	2013-12-23T17:15:16.130

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-15444	date:	2013-12-20T00:00:00
db:	VULHUB	id:	VHN-57416	date:	2013-12-21T00:00:00
db:	BID	id:	64450	date:	2013-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-005659	date:	2013-12-24T00:00:00
db:	CNNVD	id:	CNNVD-201312-432	date:	2013-12-23T00:00:00
db:	NVD	id:	CVE-2012-4135	date:	2013-12-21T14:22:56.067