Details of VAR-201408-0164

ID

VAR-201408-0164

CVE

CVE-2014-3341

TITLE

Cisco Nexus 5000 and 6000 Run on device Cisco NX-OS of SNMP In module VLAN Enumerated vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-003852

DESCRIPTION

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. Vendors have confirmed this vulnerability Bug ID CSCup85616 It is released as.By a third party, through a series of requests, VLAN May be enumerated. Cisco NX-OS is a data center-class operating system that embodies modular design, resiliency, and maintainability. Cisco NX-OS is able to divide OS and hardware resources into virtual environments that emulate virtual devices. Each VDC has its own software processes, dedicated hardware resources (interfaces), and a separate management environment. A security vulnerability exists in the SNMP module of Cisco NX-OS Software. An unauthenticated remote attacker can exploit this vulnerability to obtain sensitive information. This issue is being tracked by Cisco bug ID CSCup85616. Cisco NX-OS on Nexus 5000 and 6000 devices is a set of operating systems run by Cisco in the Nexus 5000 and 6000 series devices

Trust: 2.52

sources: NVD: CVE-2014-3341 // JVNDB: JVNDB-2014-003852 // CNVD: CNVD-2014-05110 // BID: 69266 // VULHUB: VHN-71281

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-05110

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(7\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n2\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(6\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n1\(1a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2a\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n1\(1c\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(2b\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(3\)n2\(1\)	Trust: 1.6
vendor:	cisco	model:	nexus 5020p switch	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 56128p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(3\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n2\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n1\(2a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n2\(1b\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(1b\)	Trust: 1.0
vendor:	cisco	model:	nexus 5548p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(0\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(1a\)	Trust: 1.0
vendor:	cisco	model:	nexus 5672up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1\(3\)n2\(1c\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	lte	version:	7.0\(3\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(2a\)	Trust: 1.0
vendor:	cisco	model:	nexus 5000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n2\(4\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(2\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nexus 5020	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(1\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(8\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n2\(3\)	Trust: 1.0
vendor:	cisco	model:	nexus 5010p switch	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5010	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(8a\)	Trust: 1.0
vendor:	cisco	model:	nexus 6001	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2\(1\)n1\(5\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n2\(1b\)	Trust: 1.0
vendor:	cisco	model:	nexus 5596t	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n1\(2\)	Trust: 1.0
vendor:	cisco	model:	nexus 5548up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5596up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 6004x	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)n2\(2\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0\(2\)n2\(1a\)	Trust: 1.0
vendor:	cisco	model:	nexus 6004	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5000 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5010 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5010p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5020 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5020p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5548p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5548up switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5596t switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5596up switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 56128p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5672up switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 6001 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 6004 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 6004x switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	lte	version:	7.0(3)n1(1)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-05110 // JVNDB: JVNDB-2014-003852 // CNNVD: CNNVD-201408-295 // NVD: CVE-2014-3341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3341
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3341
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-05110
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201408-295
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71281
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3341
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-05110
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71281
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-05110 // VULHUB: VHN-71281 // JVNDB: JVNDB-2014-003852 // CNNVD: CNNVD-201408-295 // NVD: CVE-2014-3341

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-71281 // JVNDB: JVNDB-2014-003852 // NVD: CVE-2014-3341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-295

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201408-295

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003852

PATCH

title:	Cisco NX-OS Software SNMP Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341	Trust: 0.8
title:	35338	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35338	Trust: 0.8

sources: JVNDB: JVNDB-2014-003852

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3341	Trust: 3.4
db:	BID	id:	69266	Trust: 2.0
db:	SECTRACK	id:	1030746	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003852	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-295	Trust: 0.7
db:	CNVD	id:	CNVD-2014-05110	Trust: 0.6
db:	VULHUB	id:	VHN-71281	Trust: 0.1

sources: CNVD: CNVD-2014-05110 // VULHUB: VHN-71281 // BID: 69266 // JVNDB: JVNDB-2014-003852 // CNNVD: CNNVD-201408-295 // NVD: CVE-2014-3341

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3341	Trust: 2.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35338	Trust: 1.7
url:	http://www.securityfocus.com/bid/69266	Trust: 1.1
url:	http://www.securitytracker.com/id/1030746	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95329	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3341	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3341	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-05110 // VULHUB: VHN-71281 // BID: 69266 // JVNDB: JVNDB-2014-003852 // CNNVD: CNNVD-201408-295 // NVD: CVE-2014-3341

CREDITS

Cisco

Trust: 0.3

sources: BID: 69266

SOURCES

db:	CNVD	id:	CNVD-2014-05110
db:	VULHUB	id:	VHN-71281
db:	BID	id:	69266
db:	JVNDB	id:	JVNDB-2014-003852
db:	CNNVD	id:	CNNVD-201408-295
db:	NVD	id:	CVE-2014-3341

LAST UPDATE DATE

2024-11-23T22:18:34.994000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-05110	date:	2014-08-21T00:00:00
db:	VULHUB	id:	VHN-71281	date:	2017-08-29T00:00:00
db:	BID	id:	69266	date:	2014-08-19T12:24:00
db:	JVNDB	id:	JVNDB-2014-003852	date:	2014-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201408-295	date:	2014-08-28T00:00:00
db:	NVD	id:	CVE-2014-3341	date:	2024-11-21T02:07:54.053

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-05110	date:	2014-08-21T00:00:00
db:	VULHUB	id:	VHN-71281	date:	2014-08-19T00:00:00
db:	BID	id:	69266	date:	2014-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-003852	date:	2014-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201408-295	date:	2014-08-28T00:00:00
db:	NVD	id:	CVE-2014-3341	date:	2014-08-19T11:16:58.540