Sign-up

ID

VAR-201507-0522


CVE

CVE-2015-4234


TITLE

Cisco Nexus Run on device Cisco NX-OS In root Vulnerability for which access rights are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2015-003468

DESCRIPTION

Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. Cisco Nexus Run on device Cisco NX-OS Is root There is a vulnerability that can gain access. Nexus is Cisco's line of network switches designed for data centers. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Multiple Cisco products are prone to multiple local privilege escalation vulnerabilities. This issue is being tracked by Cisco Bug ID's CSCun02887, CSCur00115, and CSCur00127

Trust: 3.06

sources: NVD: CVE-2015-4234 // JVNDB: JVNDB-2015-003468 // CNVD: CNVD-2015-04202 // CNVD: CNVD-2015-04579 // BID: 75502 // VULHUB: VHN-82195

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2015-04202 // CNVD: CNVD-2015-04579

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:6.0\(2\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.2\(2\)

Trust: 1.6

vendor:ciscomodel:mds nx-os softwarescope:eqversion:90006.2(2)

Trust: 1.5

vendor:ciscomodel:mds nx-os softwarescope:eqversion:90006.0(2)

Trust: 1.5

vendor:ciscomodel:mds san-os softwarescope:eqversion:6.0(2)

Trust: 0.9

vendor:ciscomodel:mds san-os softwarescope:eqversion:6.2(2)

Trust: 0.9

vendor:ciscomodel:nx-osscope:eqversion:6.0 (2)

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:6.2 (2)

Trust: 0.8

sources: CNVD: CNVD-2015-04202 // CNVD: CNVD-2015-04579 // BID: 75502 // JVNDB: JVNDB-2015-003468 // CNNVD: CNNVD-201507-092 // NVD: CVE-2015-4234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4234
value: HIGH

Trust: 1.0

NVD: CVE-2015-4234
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-04202
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-04579
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201507-092
value: HIGH

Trust: 0.6

VULHUB: VHN-82195
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4234
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04202
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2015-04579
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82195
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04202 // CNVD: CNVD-2015-04579 // VULHUB: VHN-82195 // JVNDB: JVNDB-2015-003468 // CNNVD: CNNVD-201507-092 // NVD: CVE-2015-4234

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82195 // JVNDB: JVNDB-2015-003468 // NVD: CVE-2015-4234

THREAT TYPE

local

Trust: 0.9

sources: BID: 75502 // CNNVD: CNNVD-201507-092

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201507-092

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003468

PATCH
title:39571url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39571
Trust: 0.8
title:Patch for Cisco Nexus Device Python Subsystem Local Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/60293
Trust: 0.6
title:Cisco NX-OS Python Scripting Engine root privilege to obtain vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/60929
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04202 // 
            
            
            
            CNVD: CNVD-2015-04579 // 
            
            
            
            JVNDB: JVNDB-2015-003468

EXTERNAL IDS
db:NVDid:CVE-2015-4234
Trust: 4.0
db:BIDid:75502
Trust: 2.0
db:SECTRACKid:1032765
Trust: 1.1
db:JVNDBid:JVNDB-2015-003468
Trust: 0.8
db:CNNVDid:CNNVD-201507-092
Trust: 0.7
db:CNVDid:CNVD-2015-04202
Trust: 0.6
db:CNVDid:CNVD-2015-04579
Trust: 0.6
db:VULHUBid:VHN-82195
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04202 // 
            
            
            
            CNVD: CNVD-2015-04579 // 
            
            
            
            VULHUB: VHN-82195 // 
            
            
            
            BID: 75502 // 
            
            
            
            JVNDB: JVNDB-2015-003468 // 
            
            
            
            CNNVD: CNNVD-201507-092 // 
            
            
            
            NVD: CVE-2015-4234

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39571
Trust: 3.2
url:http://www.securityfocus.com/bid/75502
Trust: 1.1
url:http://www.securitytracker.com/id/1032765
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4234
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4234
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-04202 // 
            
            
            
            CNVD: CNVD-2015-04579 // 
            
            
            
            VULHUB: VHN-82195 // 
            
            
            
            BID: 75502 // 
            
            
            
            JVNDB: JVNDB-2015-003468 // 
            
            
            
            CNNVD: CNNVD-201507-092 // 
            
            
            
            NVD: CVE-2015-4234

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75502

SOURCES
db:CNVDid:CNVD-2015-04202
db:CNVDid:CNVD-2015-04579
db:VULHUBid:VHN-82195
db:BIDid:75502
db:JVNDBid:JVNDB-2015-003468
db:CNNVDid:CNNVD-201507-092
db:NVDid:CVE-2015-4234

LAST UPDATE DATE
2024-11-23T22:13:28.198000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04202date:2015-07-03T00:00:00
db:CNVDid:CNVD-2015-04579date:2015-07-16T00:00:00
db:VULHUBid:VHN-82195date:2016-12-28T00:00:00
db:BIDid:75502date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003468date:2015-07-10T00:00:00
db:CNNVDid:CNNVD-201507-092date:2015-07-10T00:00:00
db:NVDid:CVE-2015-4234date:2024-11-21T02:30:41.200

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04202date:2015-07-03T00:00:00
db:CNVDid:CNVD-2015-04579date:2015-07-16T00:00:00
db:VULHUBid:VHN-82195date:2015-07-03T00:00:00
db:BIDid:75502date:2015-06-30T00:00:00
db:JVNDBid:JVNDB-2015-003468date:2015-07-10T00:00:00
db:CNNVDid:CNNVD-201507-092date:2015-07-06T00:00:00
db:NVDid:CVE-2015-4234date:2015-07-03T10:59:02.217