Details of VAR-201507-0525

ID

VAR-201507-0525

CVE

CVE-2015-4237

TITLE

Cisco Nexus Run on device Cisco NX-OS of CLI Any in the parser OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003469

DESCRIPTION

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. Vendors have confirmed this vulnerability Bug ID CSCuv08491 , CSCuv08443 , CSCuv08480 , CSCuv08448 , CSCuu99291 , CSCuv08434 ,and CSCuv08436 It is released as.By the local user, via a crafted character in the file name OS The command may be executed. Nexus is Cisco's line of network switches designed for data centers. The Cisco Nexus Operating System (NX-OS) CLI resolver has a security vulnerability that allows an authenticated local attacker to exploit this vulnerability for elevated privileges. This issue is being tracked by Cisco Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. The following releases are affected: Cisco NX-OS Release 4.1(2)E1(1), Release 6.2(11b), Release 6.2(12), Release 7.2(0)ZZ(99.1), Release 7.2(0)ZZ(99.3) , version 9.1(1)SV1(3.1.8)

Trust: 2.52

sources: NVD: CVE-2015-4237 // JVNDB: JVNDB-2015-003469 // CNVD: CNVD-2015-04324 // BID: 75528 // VULHUB: VHN-82198

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04324

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2\(11b\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2\(0\)zz\(99.3\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2\(12\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	9.1\(1\)sv1\(3.1.8\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(2\)e1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2\(0\)zz\(99.1\)	Trust: 1.6
vendor:	cisco	model:	mds 9700	scope:	eq	version:	(cisco mds 9000 nx-os 6.2 (11b))	Trust: 0.8
vendor:	cisco	model:	nexus 5696q switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 3524 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2(0)zz(99.3)	Trust: 0.8
vendor:	cisco	model:	nexus 3016 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	mds 9500	scope:	eq	version:	(cisco mds 9000 nx-os 6.2 (11b))	Trust: 0.8
vendor:	cisco	model:	nexus 5548p switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1(2)e1(1)	Trust: 0.8
vendor:	cisco	model:	nexus 3048 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 9504 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 9508 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	mds 9140	scope:	eq	version:	(cisco mds 9000 nx-os 6.2 (11b))	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	9.1(1)sv1(3.1.8) base	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.2(0)zz(99.1)	Trust: 0.8
vendor:	cisco	model:	nexus 3064 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 5648q switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	mds 9100 series	scope:	eq	version:	(cisco mds 9000 nx-os 6.2 (11b))	Trust: 0.8
vendor:	cisco	model:	nexus 3172 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 4001i switch module for ibm bladecenter	scope:	eq	version:	(cisco nx-os 4.1(2)e1(1))	Trust: 0.8
vendor:	cisco	model:	nexus 9396px switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 1000v switch	scope:	eq	version:	(cisco nx-os 9.1(1)sv1(3.1.8) base)	Trust: 0.8
vendor:	cisco	model:	nexus 7700 switch	scope:	eq	version:	(cisco nx-os 6.2(12))	Trust: 0.8
vendor:	cisco	model:	nexus 7000 series switch	scope:	eq	version:	(cisco nx-os 6.2(12))	Trust: 0.8
vendor:	cisco	model:	nexus 9516 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 3164q switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 9336pq aci spini switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2(12)	Trust: 0.8
vendor:	cisco	model:	nexus 93128tx switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 5596t switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 3132q switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 5672up switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 3548 switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 5624q switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 93120tx switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 9332pq switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 9396tx switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 9372tx switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 56128p switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 9372px switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.3))	Trust: 0.8
vendor:	cisco	model:	nexus 5596up switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 5548up switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	nexus 3232c switch	scope:	eq	version:	(cisco nx-os 7.2(0)zz(99.1))	Trust: 0.8
vendor:	cisco	model:	mds 9000 nx-os	scope:	eq	version:	6.2 (11b)	Trust: 0.8
vendor:	cisco	model:	nexus switch 9.1 sv1 base	scope:	eq	version:	1000v	Trust: 0.6
vendor:	cisco	model:	nx-os software 7.2 zz	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os software 9. sv1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os software	scope:	eq	version:	6.2(12)	Trust: 0.3
vendor:	cisco	model:	nx-os software 6.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os software 4.1 e1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os for nexus series 7.2 zz	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	nx-os for nexus series	scope:	eq	version:	70006.2(12)	Trust: 0.3
vendor:	cisco	model:	nx-os for nexus series 7.2 zz	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	nx-os for nexus series 4.1 e1	scope:	eq	version:	4000	Trust: 0.3
vendor:	cisco	model:	nx-os for nexus series 7.2 zz	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	nexus switch 9.1 sv1	scope:	eq	version:	1000v	Trust: 0.3
vendor:	cisco	model:	mds nx-os software 6.2	scope:	eq	version:	9000	Trust: 0.3

sources: CNVD: CNVD-2015-04324 // BID: 75528 // JVNDB: JVNDB-2015-003469 // CNNVD: CNNVD-201507-093 // NVD: CVE-2015-4237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4237
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4237
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-04324
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201507-093
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82198
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4237
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04324
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82198
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04324 // VULHUB: VHN-82198 // JVNDB: JVNDB-2015-003469 // CNNVD: CNNVD-201507-093 // NVD: CVE-2015-4237

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-78	Trust: 1.9

sources: VULHUB: VHN-82198 // JVNDB: JVNDB-2015-003469 // NVD: CVE-2015-4237

THREAT TYPE

local

Trust: 0.9

sources: BID: 75528 // CNNVD: CNNVD-201507-093

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201507-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003469

PATCH

title:	39583	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39583	Trust: 0.8
title:	Cisco Nexus Operating System Device Command Line Interface Local Privilege Escalation Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/60497	Trust: 0.6

sources: CNVD: CNVD-2015-04324 // JVNDB: JVNDB-2015-003469

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4237	Trust: 3.4
db:	SECTRACK	id:	1032775	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003469	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-093	Trust: 0.7
db:	NSFOCUS	id:	30265	Trust: 0.6
db:	CNVD	id:	CNVD-2015-04324	Trust: 0.6
db:	BID	id:	75528	Trust: 0.4
db:	VULHUB	id:	VHN-82198	Trust: 0.1

sources: CNVD: CNVD-2015-04324 // VULHUB: VHN-82198 // BID: 75528 // JVNDB: JVNDB-2015-003469 // CNNVD: CNNVD-201507-093 // NVD: CVE-2015-4237

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39583	Trust: 2.0
url:	http://www.securitytracker.com/id/1032775	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4237	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4237	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/30265	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-04324 // VULHUB: VHN-82198 // BID: 75528 // JVNDB: JVNDB-2015-003469 // CNNVD: CNNVD-201507-093 // NVD: CVE-2015-4237

CREDITS

Cisco

Trust: 0.3

sources: BID: 75528

SOURCES

db:	CNVD	id:	CNVD-2015-04324
db:	VULHUB	id:	VHN-82198
db:	BID	id:	75528
db:	JVNDB	id:	JVNDB-2015-003469
db:	CNNVD	id:	CNNVD-201507-093
db:	NVD	id:	CVE-2015-4237

LAST UPDATE DATE

2024-11-23T22:45:56.799000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04324	date:	2015-07-08T00:00:00
db:	VULHUB	id:	VHN-82198	date:	2016-12-28T00:00:00
db:	BID	id:	75528	date:	2015-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-003469	date:	2015-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201507-093	date:	2015-07-10T00:00:00
db:	NVD	id:	CVE-2015-4237	date:	2024-11-21T02:30:41.570

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04324	date:	2015-07-08T00:00:00
db:	VULHUB	id:	VHN-82198	date:	2015-07-03T00:00:00
db:	BID	id:	75528	date:	2015-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-003469	date:	2015-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201507-093	date:	2015-07-06T00:00:00
db:	NVD	id:	CVE-2015-4237	date:	2015-07-03T10:59:03.060