ID

VAR-201401-0340


CVE

CVE-2014-0676


TITLE

Cisco NX-OS Software TACACS+ Server Local Privilege Escalation Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-00585 // BID: 65083

DESCRIPTION

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. Cisco NX-OS contains a vulnerability that allows TACACS+ command restrictions to be circumvented. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. The vulnerability is due to a failure to properly filter the sequence of strings provided by the user when multiple commands are executed in a sequence, which allows an attacker to execute unauthorized commands. Cisco NX-OS is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. This issue is being tracked by Cisco Bug ID CSCum47367. Cisco NX-OS is a data center-oriented operating system developed by Cisco.

Trust: 2.52

sources: NVD: CVE-2014-0676 // JVNDB: JVNDB-2014-001234 // CNVD: CNVD-2014-00585 // BID: 65083 // VULHUB: VHN-68169

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00585

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: nx-os, scope: lte, version: 6.2(2a)

Trust: 0.8

vendor: cisco, model: nx-os software, scope: -, version: -

Trust: 0.6

vendor: cisco, model: nx-os, scope: eq, version: 5.2(1)

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 5.1(1)

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 5.0(3)

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 4.2(6)

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 4.2(5)

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 4.2(4)

Trust: 0.3

vendor: cisco, model: nx-os, scope: eq, version: 4.2(3)

Trust: 0.3

sources: CNVD: CNVD-2014-00585 // BID: 65083 // JVNDB: JVNDB-2014-001234 // CNNVD: CNNVD-201401-429 // NVD: CVE-2014-0676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0676
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0676
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00585
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-429
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68169
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0676
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00585
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68169
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00585 // VULHUB: VHN-68169 // JVNDB: JVNDB-2014-001234 // CNNVD: CNNVD-201401-429 // NVD: CVE-2014-0676

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-68169 // JVNDB: JVNDB-2014-001234 // NVD: CVE-2014-0676

THREAT TYPE

local

Trust: 0.9

sources: BID: 65083 // CNNVD: CNNVD-201401-429

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001234

PATCH

title: Cisco NX-OS Software TACACS+ Command Authorization Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676

Trust: 0.8

title: 32531, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32531

Trust: 0.8

sources: JVNDB: JVNDB-2014-001234

EXTERNAL IDS

db: NVD, id: CVE-2014-0676

Trust: 3.4

db: BID, id: 65083

Trust: 2.0

db: OSVDB, id: 102366

Trust: 1.1

db: SECTRACK, id: 1029690

Trust: 1.1

db: SECUNIA, id: 56597

Trust: 1.1

db: JVNDB, id: JVNDB-2014-001234

Trust: 0.8

db: CNNVD, id: CNNVD-201401-429

Trust: 0.7

db: CNVD, id: CNVD-2014-00585

Trust: 0.6

db: CISCO, id: 20140122 CISCO NX-OS SOFTWARE TACACS+ COMMAND AUTHORIZATION VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-68169

Trust: 0.1

Trust: 0.1

sources: CNVD: CNVD-2014-00585 // VULHUB: VHN-68169 // BID: 65083 // JVNDB: JVNDB-2014-001234 // CNNVD: CNNVD-201401-429 // NVD: CVE-2014-0676

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0676

Trust: 2.3

url:http://www.securityfocus.com/bid/65083

Trust: 1.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=32531

Trust: 1.1

url:http://osvdb.org/102366

Trust: 1.1

url:http://www.securitytracker.com/id/1029690

Trust: 1.1

url:http://secunia.com/advisories/56597

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90627

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0676

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0676

Trust: 0.8

url:https://tools.cisco.com/bugsearch/bug/cscum47367

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2014-00585 // VULHUB: VHN-68169 // BID: 65083 // JVNDB: JVNDB-2014-001234 // CNNVD: CNNVD-201401-429 // NVD: CVE-2014-0676

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 65083

SOURCES

db: CNVD, id: CNVD-2014-00585
db: VULHUB, id: VHN-68169
db: BID, id: 65083
db: JVNDB, id: JVNDB-2014-001234
db: CNNVD, id: CNNVD-201401-429
db: NVD, id: CVE-2014-0676

LAST UPDATE DATE

2024-11-23T22:39:03.741000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00585, date: 2014-01-24T00:00:00
db: VULHUB, id: VHN-68169, date: 2017-08-29T00:00:00
db: BID, id: 65083, date: 2014-01-24T00:33:00
db: JVNDB, id: JVNDB-2014-001234, date: 2014-01-24T00:00:00
db: CNNVD, id: CNNVD-201401-429, date: 2014-01-30T00:00:00
db: NVD, id: CVE-2014-0676, date: 2024-11-21T02:02:38.493

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00585, date: 2014-01-24T00:00:00
db: VULHUB, id: VHN-68169, date: 2014-01-22T00:00:00
db: BID, id: 65083, date: 2014-01-22T00:00:00
db: JVNDB, id: JVNDB-2014-001234, date: 2014-01-24T00:00:00
db: CNNVD, id: CNNVD-201401-429, date: 2014-01-30T00:00:00
db: NVD, id: CVE-2014-0676, date: 2014-01-22T21:55:03.607