Sign-up

ID

VAR-201405-0113


CVE

CVE-2013-6975


TITLE

Cisco NX-OS Command line interface directory traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-006484

DESCRIPTION

Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. Cisco NX-OS The command line interface contains a directory traversal vulnerability. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Cisco NX-OS Software is prone to a directory-traversal vulnerability. Exploiting this issue can allow a local attacker to gain read access to arbitrary files. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCul05217

Trust: 2.52

sources: NVD: CVE-2013-6975 // JVNDB: JVNDB-2013-006484 // CNVD: CNVD-2014-03160 // BID: 67426 // VULHUB: VHN-66977

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03160

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:6.0\(2\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.1\(2\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.1\(1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.1

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.0\(1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.2\(2\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.1\(3\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:lteversion:6.2\(2a\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:lteversion:6.2(2a)

Trust: 0.8

vendor:ciscomodel:nx-os softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:6.2\(2a\)

Trust: 0.6

sources: CNVD: CNVD-2014-03160 // JVNDB: JVNDB-2013-006484 // CNNVD: CNNVD-201405-377 // NVD: CVE-2013-6975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6975
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6975
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03160
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201405-377
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66977
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6975
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03160
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66977
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03160 // VULHUB: VHN-66977 // JVNDB: JVNDB-2013-006484 // CNNVD: CNNVD-201405-377 // NVD: CVE-2013-6975

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-66977 // JVNDB: JVNDB-2013-006484 // NVD: CVE-2013-6975

THREAT TYPE

local

Trust: 0.9

sources: BID: 67426 // CNNVD: CNNVD-201405-377

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201405-377

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006484

PATCH
title:Cisco NX-OS Software Arbitrary File Read Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6975
Trust: 0.8
title:34260url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34260
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-006484

EXTERNAL IDS
db:NVDid:CVE-2013-6975
Trust: 3.4
db:BIDid:67426
Trust: 2.0
db:JVNDBid:JVNDB-2013-006484
Trust: 0.8
db:CNNVDid:CNNVD-201405-377
Trust: 0.7
db:CNVDid:CNVD-2014-03160
Trust: 0.6
db:CISCOid:20140515 CISCO NX-OS SOFTWARE ARBITRARY FILE READ VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66977
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-03160 // 
            
            
            
            VULHUB: VHN-66977 // 
            
            
            
            BID: 67426 // 
            
            
            
            JVNDB: JVNDB-2013-006484 // 
            
            
            
            CNNVD: CNNVD-201405-377 // 
            
            
            
            NVD: CVE-2013-6975

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6975
Trust: 2.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=34260
Trust: 1.7
url:http://www.securityfocus.com/bid/67426
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6975
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6975
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.mozilla.org/products/thunderbird/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-03160 // 
            
            
            
            VULHUB: VHN-66977 // 
            
            
            
            BID: 67426 // 
            
            
            
            JVNDB: JVNDB-2013-006484 // 
            
            
            
            CNNVD: CNNVD-201405-377 // 
            
            
            
            NVD: CVE-2013-6975

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67426

SOURCES
db:CNVDid:CNVD-2014-03160
db:VULHUBid:VHN-66977
db:BIDid:67426
db:JVNDBid:JVNDB-2013-006484
db:CNNVDid:CNNVD-201405-377
db:NVDid:CVE-2013-6975

LAST UPDATE DATE
2024-11-23T23:09:23.422000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-03160date:2014-05-22T00:00:00
db:VULHUBid:VHN-66977date:2015-10-13T00:00:00
db:BIDid:67426date:2014-07-08T00:05:00
db:JVNDBid:JVNDB-2013-006484date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-377date:2014-05-23T00:00:00
db:NVDid:CVE-2013-6975date:2024-11-21T02:00:05.550

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-03160date:2014-05-21T00:00:00
db:VULHUBid:VHN-66977date:2014-05-20T00:00:00
db:BIDid:67426date:2014-05-15T00:00:00
db:JVNDBid:JVNDB-2013-006484date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201405-377date:2014-05-23T00:00:00
db:NVDid:CVE-2013-6975date:2014-05-20T11:13:37.327