ID
VAR-201503-0162
CVE
CVE-2015-0658
TITLE
Cisco NX-OS of PowerOn Auto Provisioning Functional DHCP In the implementation of root As an arbitrary command execution vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2015-001987
DESCRIPTION
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Cisco NX-OS Software is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with the security context of the root user. This issue is being tracked by Cisco bug ID CSCur14589. Cisco NX-OS is a data center-oriented operating system developed by Cisco
Trust: 2.52
sources:
NVD: CVE-2015-0658 //
JVNDB: JVNDB-2015-001987 //
CNVD: CNVD-2015-02076 //
BID: 73390 //
VULHUB: VHN-78604
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-02076
AFFECTED PRODUCTS
| vendor: | cisco | model: | nx-os for nexus series 5.0 u5 | scope: | eq | version: | 3000 | Trust: 2.7 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 n2 | scope: | eq | version: | 6000 | Trust: 1.8 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 n2 | scope: | eq | version: | 5000 | Trust: 1.8 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 u2 | scope: | eq | version: | 3000 | Trust: 1.8 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u4\(3\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u2\(5\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u3\(3\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u4\(2\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u2\(6\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u3\(1\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u3\(5\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u3\(2\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u3\(4\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os for nexus series 6.1 i2 | scope: | eq | version: | 9000 | Trust: 1.5 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 u3 | scope: | eq | version: | 3000 | Trust: 1.5 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 u1 | scope: | eq | version: | 3000 | Trust: 1.5 |
| vendor: | cisco | model: | nx-os | scope: | - | version: | - | Trust: 1.4 |
| vendor: | cisco | model: | nx-os for nexus series 6.2 | scope: | eq | version: | 7000 | Trust: 1.2 |
| vendor: | cisco | model: | nx-os for nexus series 7.0 n1 | scope: | eq | version: | 6000 | Trust: 1.2 |
| vendor: | cisco | model: | nx-os for nexus series 7.0 n1 | scope: | eq | version: | 5000 | Trust: 1.2 |
| vendor: | cisco | model: | nx-os for nexus series 5.0 u3 | scope: | eq | version: | 3000 | Trust: 1.2 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(4a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 11.0\(1c\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n2\(5\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n1\(2a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0\(3\)n1\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u2\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u4\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1e\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n2\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0\(0\)n1\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1b\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 11.0\(1b\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u1\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u1\(1a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i2\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u2\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.2\(6\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.2\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i2\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i3\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n2\(4\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0\(2\)n1\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.2\(2a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u2\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0\(1\)n1\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.2\(8\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1d\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1g\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n2\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i3\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u1\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(4\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n2\(1b\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.2\(6b\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u3\(2a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i2\(2b\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n1\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n1\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u1\(3\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1h\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u3\(2b\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.2\(8b\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i2\(2a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i2\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u3\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1f\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u1\(4\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)n2\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u3\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u2\(4\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u5\(1c\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.0\(2\)u5\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 5.0\(3\)u4\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.2\(8a\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 6.1\(2\)i3\(2\) | Trust: 1.0 |
| vendor: | cisco | model: | nx-os for nexus series 6.1 i3 | scope: | eq | version: | 9000 | Trust: 0.9 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 u4 | scope: | eq | version: | 3000 | Trust: 0.9 |
| vendor: | cisco | model: | nx-os for nexus series 11.0 | scope: | eq | version: | 9000 | Trust: 0.6 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 n1 | scope: | eq | version: | 6000 | Trust: 0.6 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 n1 | scope: | eq | version: | 5000 | Trust: 0.6 |
| vendor: | cisco | model: | nx-os for nexus series | scope: | eq | version: | 70006.2(8) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series | scope: | eq | version: | 70006.2(6) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series | scope: | eq | version: | 70006.2(2) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series 6.1 | scope: | eq | version: | 7000 | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series | scope: | eq | version: | 70006.1(4) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series | scope: | eq | version: | 70006.1(3) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series | scope: | eq | version: | 70006.1(2) | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series 6.0 u5 | scope: | eq | version: | 3000 | Trust: 0.3 |
| vendor: | cisco | model: | nx-os for nexus series 5.0 u4 | scope: | eq | version: | 3000 | Trust: 0.3 |
sources:
CNVD: CNVD-2015-02076 //
BID: 73390 //
JVNDB: JVNDB-2015-001987 //
CNNVD: CNNVD-201503-609 //
NVD: CVE-2015-0658
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2015-02076 //
VULHUB: VHN-78604 //
JVNDB: JVNDB-2015-001987 //
CNNVD: CNNVD-201503-609 //
NVD: CVE-2015-0658
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
sources:
VULHUB: VHN-78604 //
JVNDB: JVNDB-2015-001987 //
NVD: CVE-2015-0658
THREAT TYPE
specific network environment
Trust: 0.6
sources:
CNNVD: CNNVD-201503-609
TYPE
input validation
Trust: 0.6
sources:
CNNVD: CNNVD-201503-609
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-001987
PATCH
| title: | 38062 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=38062 | Trust: 0.8 |
| title: | Patch for Cisco NX-OS PowerOn Auto Provisioning (POAP) arbitrary command execution vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/56775 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-02076 //
JVNDB: JVNDB-2015-001987
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-0658 | Trust: 3.4 |
| db: | SECTRACK | id: | 1031992 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-001987 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201503-609 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-02076 | Trust: 0.6 |
| db: | BID | id: | 73390 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-78604 | Trust: 0.1 |
sources:
CNVD: CNVD-2015-02076 //
VULHUB: VHN-78604 //
BID: 73390 //
JVNDB: JVNDB-2015-001987 //
CNNVD: CNNVD-201503-609 //
NVD: CVE-2015-0658
REFERENCES
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=38062 | Trust: 2.6 |
| url: | http://www.securitytracker.com/id/1031992 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0658 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0658 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
sources:
CNVD: CNVD-2015-02076 //
VULHUB: VHN-78604 //
BID: 73390 //
JVNDB: JVNDB-2015-001987 //
CNNVD: CNNVD-201503-609 //
NVD: CVE-2015-0658
CREDITS
Cisco
Trust: 0.3
sources:
BID: 73390
SOURCES
| db: | CNVD | id: | CNVD-2015-02076 |
| db: | VULHUB | id: | VHN-78604 |
| db: | BID | id: | 73390 |
| db: | JVNDB | id: | JVNDB-2015-001987 |
| db: | CNNVD | id: | CNNVD-201503-609 |
| db: | NVD | id: | CVE-2015-0658 |
LAST UPDATE DATE
2024-11-23T22:08:09.496000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-02076 | date: | 2015-03-31T00:00:00 |
| db: | VULHUB | id: | VHN-78604 | date: | 2015-10-22T00:00:00 |
| db: | BID | id: | 73390 | date: | 2015-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-001987 | date: | 2015-03-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201503-609 | date: | 2015-04-03T00:00:00 |
| db: | NVD | id: | CVE-2015-0658 | date: | 2024-11-21T02:23:29.213 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-02076 | date: | 2015-03-31T00:00:00 |
| db: | VULHUB | id: | VHN-78604 | date: | 2015-03-28T00:00:00 |
| db: | BID | id: | 73390 | date: | 2015-03-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-001987 | date: | 2015-03-31T00:00:00 |
| db: | CNNVD | id: | CNNVD-201503-609 | date: | 2015-03-30T00:00:00 |
| db: | NVD | id: | CVE-2015-0658 | date: | 2015-03-28T01:59:49.210 |