ID
VAR-201602-0068
CVE
CVE-2016-1341
TITLE
Cisco Nexus 2000 Fabric Extender Run on device Cisco NX-OS Vulnerability gained in
Trust: 0.8
DESCRIPTION
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. Vendors have confirmed this vulnerability Bug ID CSCur22079 It is released as.Authority may be obtained by local users. Cisco NX-OS is a data center-class operating system from Cisco Systems, Inc. that reflects modular design, resiliency, and maintainability. The vulnerability is caused by the program not setting a password for the root account. A local attacker could exploit this vulnerability to gain privileges. The following releases are affected: Cisco NX-OS Release 7.0(1)N1(1), Release 7.0(1)N1(3), Release 7.0(4)N1(1)
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0\(1\)n1\(3\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0\(1\)n1\(1\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0\(4\)n1\(1\) | Trust: 1.6 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0(1)n1(1) | Trust: 0.8 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0(1)n1(3) | Trust: 0.8 |
| vendor: | cisco | model: | nx-os | scope: | eq | version: | 7.0(4)n1(1) | Trust: 0.8 |
| vendor: | cisco | model: | nexus series | scope: | eq | version: | 2000 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
| problemtype: | CWE-264 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
trust management
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20160223-nx2000 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000 | Trust: 0.8 |
| title: | Patch for Cisco NX-OS Privilege Escalation Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/71922 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-1341 | Trust: 3.1 |
| db: | SECTRACK | id: | 1035088 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-001687 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201602-448 | Trust: 0.7 |
| db: | BID | id: | 83358 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2016-01317 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-90160 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160223-nx2000 | Trust: 2.3 |
| url: | http://www.securitytracker.com/id/1035088 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1341 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1341 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2016-01317 |
| db: | VULHUB | id: | VHN-90160 |
| db: | JVNDB | id: | JVNDB-2016-001687 |
| db: | CNNVD | id: | CNNVD-201602-448 |
| db: | NVD | id: | CVE-2016-1341 |
LAST UPDATE DATE
2024-11-23T22:34:51.139000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-01317 | date: | 2016-02-26T00:00:00 |
| db: | VULHUB | id: | VHN-90160 | date: | 2016-12-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-001687 | date: | 2016-03-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201602-448 | date: | 2016-02-25T00:00:00 |
| db: | NVD | id: | CVE-2016-1341 | date: | 2024-11-21T02:46:13.080 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-01317 | date: | 2016-02-26T00:00:00 |
| db: | VULHUB | id: | VHN-90160 | date: | 2016-02-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-001687 | date: | 2016-03-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201602-448 | date: | 2016-02-25T00:00:00 |
| db: | NVD | id: | CVE-2016-1341 | date: | 2016-02-24T03:59:01.087 |