ID
VAR-201405-0648
CVE
CVE-2014-1191
TITLE
Cisco NX-OS Virtual Device Context SSH Key Remote Privilege Escalation Vulnerability
Trust: 0.6
DESCRIPTION
Cisco NX-OS is a data center-class operating system that embodies modular design, resiliency, and maintainability. After a Cisco NX-OS device has multiple VDCs on the system and is configured with local authentication, there is a remote privilege elevation vulnerability in the implementation that allows an authenticated remote attacker to exploit the vulnerability through the SSH access management interface of the affected device. Tampering with the login information of the SSH key file to obtain administrative rights on another VDC.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(4) | Trust: 0.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(3) | Trust: 0.6 |
| vendor: | cisco | model: | nx-os | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 4.2(6) | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Patch for Cisco NX-OS Virtual Device Context SSH Key Remote Privilege Escalation Vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/45872 | Trust: 0.6 |
EXTERNAL IDS
| db: | BID | id: | 67574 | Trust: 0.6 |
| db: | NVD | id: | CVE-2014-1191 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-03252 | Trust: 0.6 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140521-nxos | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2014-03252 |
LAST UPDATE DATE
2022-05-04T08:44:10.408000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-03252 | date: | 2014-05-26T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-03252 | date: | 2014-05-26T00:00:00 |