Sign-up

ID

VAR-201506-0301


CVE

CVE-2015-4213


TITLE

Cisco Nexus 9000 NX-OS Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-04073 // CNNVD: CNNVD-201506-487

DESCRIPTION

Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. Cisco Nexus 9000 Runs on the device Cisco NX-OS Contains a vulnerability in which a plaintext password can be obtained. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuu84391

Trust: 2.52

sources: NVD: CVE-2015-4213 // JVNDB: JVNDB-2015-003269 // CNVD: CNVD-2015-04073 // BID: 75378 // VULHUB: VHN-82174

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04073

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:1.1\(1g\)

Trust: 1.6

vendor:ciscomodel:nexus 93120tx switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 93128tx switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9332pq switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9336pq aci spini switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9372px switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9372tx switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9396px switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9396tx switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9504 switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9508 switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9516 switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:1.1(1g)

Trust: 0.8

vendor:ciscomodel:nexusscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nx-os for nexus series 1.1scope:eqversion:9000

Trust: 0.3

sources: CNVD: CNVD-2015-04073 // BID: 75378 // JVNDB: JVNDB-2015-003269 // CNNVD: CNNVD-201506-487 // NVD: CVE-2015-4213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4213
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4213
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04073
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-487
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82174
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4213
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04073
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82174
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04073 // VULHUB: VHN-82174 // JVNDB: JVNDB-2015-003269 // CNNVD: CNNVD-201506-487 // NVD: CVE-2015-4213

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-82174 // JVNDB: JVNDB-2015-003269 // NVD: CVE-2015-4213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-487

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-487

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003269

PATCH
title:39469url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39469
Trust: 0.8
title:Patch for Cisco Nexus 9000 NX-OS Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/60100
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04073 // 
            
            
            
            JVNDB: JVNDB-2015-003269

EXTERNAL IDS
db:NVDid:CVE-2015-4213
Trust: 3.4
db:BIDid:75378
Trust: 2.0
db:SECTRACKid:1032712
Trust: 1.1
db:JVNDBid:JVNDB-2015-003269
Trust: 0.8
db:CNNVDid:CNNVD-201506-487
Trust: 0.7
db:CNVDid:CNVD-2015-04073
Trust: 0.6
db:VULHUBid:VHN-82174
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04073 // 
            
            
            
            VULHUB: VHN-82174 // 
            
            
            
            BID: 75378 // 
            
            
            
            JVNDB: JVNDB-2015-003269 // 
            
            
            
            CNNVD: CNNVD-201506-487 // 
            
            
            
            NVD: CVE-2015-4213

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39469
Trust: 2.6
url:http://www.securityfocus.com/bid/75378
Trust: 1.1
url:http://www.securitytracker.com/id/1032712
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4213
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4213
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-04073 // 
            
            
            
            VULHUB: VHN-82174 // 
            
            
            
            BID: 75378 // 
            
            
            
            JVNDB: JVNDB-2015-003269 // 
            
            
            
            CNNVD: CNNVD-201506-487 // 
            
            
            
            NVD: CVE-2015-4213

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75378

SOURCES
db:CNVDid:CNVD-2015-04073
db:VULHUBid:VHN-82174
db:BIDid:75378
db:JVNDBid:JVNDB-2015-003269
db:CNNVDid:CNNVD-201506-487
db:NVDid:CVE-2015-4213

LAST UPDATE DATE
2024-11-23T22:27:06.167000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04073date:2015-06-29T00:00:00
db:VULHUBid:VHN-82174date:2016-12-28T00:00:00
db:BIDid:75378date:2015-06-23T00:00:00
db:JVNDBid:JVNDB-2015-003269date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-487date:2015-06-25T00:00:00
db:NVDid:CVE-2015-4213date:2024-11-21T02:30:38.780

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04073date:2015-06-29T00:00:00
db:VULHUBid:VHN-82174date:2015-06-24T00:00:00
db:BIDid:75378date:2015-06-23T00:00:00
db:JVNDBid:JVNDB-2015-003269date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-487date:2015-06-25T00:00:00
db:NVDid:CVE-2015-4213date:2015-06-24T10:59:09.073