ID

VAR-201312-0020


CVE

CVE-2012-4131


TITLE

Cisco NX-OS Command Line Interface (CLI) Local Arbitrary File Access Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2013-15518 // BID: 64455

DESCRIPTION

Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. The tar command in Cisco NX-OS contains a directory traversal vulnerability. The Cisco Nexus Series switches are data center switches. They run the Cisco Nexus OS operating system. Because the program fails to properly filter the input submitted by the user, a local attacker can access any file through the tar command. Cisco NX-OS is prone to a local arbitrary file-access vulnerability because it fails to sanitize user-supplied input. Local attackers can exploit this issue to access arbitrary files using directory-traversal strings. This may lead to further attacks. This issue is being tracked by Cisco Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.

Trust: 2.52

sources: NVD: CVE-2012-4131 // JVNDB: JVNDB-2013-005658 // CNVD: CNVD-2013-15518 // BID: 64455 // VULHUB: VHN-57412

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15518

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 0

Trust: 0.9

vendor: cisco, model: nx-os, scope: lte, version: 6.1(4a)

Trust: 0.8

sources: CNVD: CNVD-2013-15518 // BID: 64455 // JVNDB: JVNDB-2013-005658 // CNNVD: CNNVD-201312-431 // NVD: CVE-2012-4131

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-4131
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4131
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-15518
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-431
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57412
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-4131
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-15518
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-57412
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-15518 // VULHUB: VHN-57412 // JVNDB: JVNDB-2013-005658 // CNNVD: CNNVD-201312-431 // NVD: CVE-2012-4131

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-57412 // JVNDB: JVNDB-2013-005658 // NVD: CVE-2012-4131

THREAT TYPE

local

Trust: 0.9

sources: BID: 64455 // CNNVD: CNNVD-201312-431

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201312-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005658

PATCH

title: Cisco NX-OS Arbitrary File Access Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4131

Trust: 0.8

title: 32244, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32244

Trust: 0.8

sources: JVNDB: JVNDB-2013-005658

EXTERNAL IDS

db: NVD, id: CVE-2012-4131

Trust: 3.4

db: BID, id: 64455

Trust: 1.0

db: JVNDB, id: JVNDB-2013-005658

Trust: 0.8

db: CNNVD, id: CNNVD-201312-431

Trust: 0.7

db: CNVD, id: CNVD-2013-15518

Trust: 0.6

db: CISCO, id: 20131219 CISCO NX-OS ARBITRARY FILE ACCESS VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-57412

Trust: 0.1

sources: CNVD: CNVD-2013-15518 // VULHUB: VHN-57412 // BID: 64455 // JVNDB: JVNDB-2013-005658 // CNNVD: CNNVD-201312-431 // NVD: CVE-2012-4131

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4131

Trust: 2.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4131

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4131

Trust: 0.8

sources: CNVD: CNVD-2013-15518 // VULHUB: VHN-57412 // JVNDB: JVNDB-2013-005658 // CNNVD: CNNVD-201312-431 // NVD: CVE-2012-4131

CREDITS

Cisco

Trust: 0.3

sources: BID: 64455

SOURCES

db: CNVD, id: CNVD-2013-15518
db: VULHUB, id: VHN-57412
db: BID, id: 64455
db: JVNDB, id: JVNDB-2013-005658
db: CNNVD, id: CNNVD-201312-431
db: NVD, id: CVE-2012-4131

LAST UPDATE DATE

2024-08-14T13:35:29.362000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-15518, date: 2013-12-24T00:00:00
db: VULHUB, id: VHN-57412, date: 2013-12-23T00:00:00
db: BID, id: 64455, date: 2013-12-25T00:59:00
db: JVNDB, id: JVNDB-2013-005658, date: 2013-12-24T00:00:00
db: CNNVD, id: CNNVD-201312-431, date: 2013-12-23T00:00:00
db: NVD, id: CVE-2012-4131, date: 2013-12-23T16:09:19.753

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-15518, date: 2013-12-24T00:00:00
db: VULHUB, id: VHN-57412, date: 2013-12-21T00:00:00
db: BID, id: 64455, date: 2013-12-19T00:00:00
db: JVNDB, id: JVNDB-2013-005658, date: 2013-12-24T00:00:00
db: CNNVD, id: CNNVD-201312-431, date: 2013-12-23T00:00:00
db: NVD, id: CVE-2012-4131, date: 2013-12-21T14:22:56.033