Sign-up

ID

VAR-201507-0519


CVE

CVE-2015-4231


TITLE

Cisco Nexus 7000 Run on device Cisco NX-OS of Python Vulnerabilities that can bypass access restrictions in the interpreter

Trust: 0.8

sources: JVNDB: JVNDB-2015-003466

DESCRIPTION

The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. Vendors have confirmed this vulnerability Bug ID CSCur08416 It is released as.One local user VDC By using the administrator privileges of the VDC Files may be deleted. The Cisco Nexus 7000 Series Switches help create the network foundation platform required for next-generation unified array data centers. After the Cisco Nexus 7000 device is configured with multiple VDCs, there are multiple privilege escalation vulnerabilities in the Python scripting subsystem. Cisco NX-OS Software for Nexus 7000 Series is prone to a local privilege-escalation vulnerability. This could result in a denial of service (DoS) condition on the affected device. This issue is being tracked by Cisco Bug ID CSCur08416

Trust: 2.52

sources: NVD: CVE-2015-4231 // JVNDB: JVNDB-2015-003466 // CNVD: CNVD-2015-04323 // BID: 75501 // VULHUB: VHN-82192

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04323

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:6.2\(8a\)

Trust: 1.6

vendor:ciscomodel:nexus 7000 series switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 7700 switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:6.2(8a)

Trust: 0.8

vendor:ciscomodel:nexusscope:eqversion:7000

Trust: 0.6

vendor:ciscomodel:nx-os software for nexus series 6.2scope:eqversion:7000

Trust: 0.3

sources: CNVD: CNVD-2015-04323 // BID: 75501 // JVNDB: JVNDB-2015-003466 // CNNVD: CNNVD-201507-090 // NVD: CVE-2015-4231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4231
value: LOW

Trust: 1.0

NVD: CVE-2015-4231
value: LOW

Trust: 0.8

CNVD: CNVD-2015-04323
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201507-090
value: LOW

Trust: 0.6

VULHUB: VHN-82192
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-4231
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04323
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82192
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04323 // VULHUB: VHN-82192 // JVNDB: JVNDB-2015-003466 // CNNVD: CNNVD-201507-090 // NVD: CVE-2015-4231

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82192 // JVNDB: JVNDB-2015-003466 // NVD: CVE-2015-4231

THREAT TYPE

local

Trust: 0.9

sources: BID: 75501 // CNNVD: CNNVD-201507-090

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201507-090

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003466

PATCH
title:39568url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39568
Trust: 0.8
title:Patch for Cisco Nexus 7000 Device Local Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/60498
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04323 // 
            
            
            
            JVNDB: JVNDB-2015-003466

EXTERNAL IDS
db:NVDid:CVE-2015-4231
Trust: 3.4
db:SECTRACKid:1032763
Trust: 1.1
db:JVNDBid:JVNDB-2015-003466
Trust: 0.8
db:CNNVDid:CNNVD-201507-090
Trust: 0.7
db:NSFOCUSid:30254
Trust: 0.6
db:CNVDid:CNVD-2015-04323
Trust: 0.6
db:BIDid:75501
Trust: 0.4
db:VULHUBid:VHN-82192
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04323 // 
            
            
            
            VULHUB: VHN-82192 // 
            
            
            
            BID: 75501 // 
            
            
            
            JVNDB: JVNDB-2015-003466 // 
            
            
            
            CNNVD: CNNVD-201507-090 // 
            
            
            
            NVD: CVE-2015-4231

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39568
Trust: 2.0
url:http://www.securitytracker.com/id/1032763
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4231
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4231
Trust: 0.8
url:http://www.nsfocus.net/vulndb/30254
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-04323 // 
            
            
            
            VULHUB: VHN-82192 // 
            
            
            
            BID: 75501 // 
            
            
            
            JVNDB: JVNDB-2015-003466 // 
            
            
            
            CNNVD: CNNVD-201507-090 // 
            
            
            
            NVD: CVE-2015-4231

CREDITS
Jens Krabbenhoeft
Trust: 0.3
sources:
            
            
            BID: 75501

SOURCES
db:CNVDid:CNVD-2015-04323
db:VULHUBid:VHN-82192
db:BIDid:75501
db:JVNDBid:JVNDB-2015-003466
db:CNNVDid:CNNVD-201507-090
db:NVDid:CVE-2015-4231

LAST UPDATE DATE
2024-11-23T22:34:57.353000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04323date:2015-07-08T00:00:00
db:VULHUBid:VHN-82192date:2016-12-28T00:00:00
db:BIDid:75501date:2015-07-01T00:00:00
db:JVNDBid:JVNDB-2015-003466date:2015-07-10T00:00:00
db:CNNVDid:CNNVD-201507-090date:2015-07-10T00:00:00
db:NVDid:CVE-2015-4231date:2024-11-21T02:30:40.853

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04323date:2015-07-08T00:00:00
db:VULHUBid:VHN-82192date:2015-07-03T00:00:00
db:BIDid:75501date:2015-07-01T00:00:00
db:JVNDBid:JVNDB-2015-003466date:2015-07-10T00:00:00
db:CNNVDid:CNNVD-201507-090date:2015-07-06T00:00:00
db:NVDid:CVE-2015-4231date:2015-07-03T10:59:00.077