Details of VAR-201405-0055

ID

VAR-201405-0055

CVE

CVE-2013-1191

TITLE

Nexus 7000 Runs on the device Cisco NX-OS Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-006519

DESCRIPTION

Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400. Cisco NX-OS is a data center-class operating system that embodies modular design, resiliency, and maintainability. Tampering with the login information of the SSH key file to obtain administrative rights on another VDC. Cisco NX-OS is prone to a remote privilege-escalation vulnerability. This issue is being tracked by Cisco Bug ID CSCud88400. Cisco NX-OS on Nexus 7000 devices is a set of operating systems run by Cisco on Nexus 7000 series devices. An elevation of privilege vulnerability exists in Cisco NX-OS versions 6.1 prior to 6.1(5) on Nexus 7000 devices

Trust: 2.52

sources: NVD: CVE-2013-1191 // JVNDB: JVNDB-2013-006519 // CNVD: CNVD-2014-03252 // BID: 67574 // VULHUB: VHN-61193

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03252

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(4\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(3\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.1\(4a\)	Trust: 1.6
vendor:	cisco	model:	nexus 7000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 9-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 18-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(4)	Trust: 0.9
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(3)	Trust: 0.9
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(6)	Trust: 0.9
vendor:	cisco	model:	nexus 7000 10 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 18 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 9 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	lt	version:	6.1 thats all 6.1(5)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os for nexus series	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nx-os 5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os 4.2.	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2(8)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.(5)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.(4)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.(3)	Trust: 0.3
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1.(2)	Trust: 0.3

sources: CNVD: CNVD-2014-03252 // BID: 67574 // JVNDB: JVNDB-2013-006519 // CNNVD: CNNVD-201405-477 // NVD: CVE-2013-1191

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1191
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1191
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-03252
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201405-477
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61193
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1191
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03252
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61193
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-03252 // VULHUB: VHN-61193 // JVNDB: JVNDB-2013-006519 // CNNVD: CNNVD-201405-477 // NVD: CVE-2013-1191

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61193 // JVNDB: JVNDB-2013-006519 // NVD: CVE-2013-1191

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-477

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201405-477

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006519

PATCH

title:	cisco-sa-20140521-nxos	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos	Trust: 0.8
title:	34246	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34246	Trust: 0.8
title:	cisco-sa-20140521-nxos	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122585_cisco-sa-20140521-nxos-j.html	Trust: 0.8
title:	Patch for Cisco NX-OS Virtual Device Context SSH Key Remote Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45872	Trust: 0.6

sources: CNVD: CNVD-2014-03252 // JVNDB: JVNDB-2013-006519

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1191	Trust: 3.4
db:	BID	id:	67574	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-006519	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-477	Trust: 0.7
db:	CNVD	id:	CNVD-2014-03252	Trust: 0.6
db:	CISCO	id:	20140521 MULTIPLE VULNERABILITIES IN CISCO NX-OS-BASED PRODUCTS	Trust: 0.6
db:	VULHUB	id:	VHN-61193	Trust: 0.1

sources: CNVD: CNVD-2014-03252 // VULHUB: VHN-61193 // BID: 67574 // JVNDB: JVNDB-2013-006519 // CNNVD: CNNVD-201405-477 // NVD: CVE-2013-1191

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140521-nxos	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1191	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1191	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps9494/products_sub_category_home.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34245	Trust: 0.3

sources: CNVD: CNVD-2014-03252 // VULHUB: VHN-61193 // BID: 67574 // JVNDB: JVNDB-2013-006519 // CNNVD: CNNVD-201405-477 // NVD: CVE-2013-1191

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 67574

SOURCES

db:	CNVD	id:	CNVD-2014-03252
db:	VULHUB	id:	VHN-61193
db:	BID	id:	67574
db:	JVNDB	id:	JVNDB-2013-006519
db:	CNNVD	id:	CNNVD-201405-477
db:	NVD	id:	CVE-2013-1191

LAST UPDATE DATE

2024-08-14T14:27:52.015000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03252	date:	2014-05-26T00:00:00
db:	VULHUB	id:	VHN-61193	date:	2014-05-27T00:00:00
db:	BID	id:	67574	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-006519	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-477	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2013-1191	date:	2014-05-27T16:05:21.940

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03252	date:	2014-05-26T00:00:00
db:	VULHUB	id:	VHN-61193	date:	2014-05-26T00:00:00
db:	BID	id:	67574	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-006519	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-477	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2013-1191	date:	2014-05-26T00:25:31.673