Cisco: CISCO-SA-20131115-CVE-2013-5556
Nov 15, 2013 - 5:46 p.m.

Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability

2013-11-15 17:46:06
tools.cisco.com

CVSS2: 6.8

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0
Percentile: 16.6%

A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands.

The vulnerability is due to a failure of the install all iso command to properly validate user-supplied input. An attacker could exploit this vulnerability by providing crafted arguments to the install all iso command.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker would need local access to the targeted device, which decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners Node

cisco  nx_os  Match  4.2\(1\)sv1
OR
cisco  nx_os  Match  5.2\(1\)sm1
OR
cisco  nexus_1000v  Match  any  nexus_1000v
OR
cisco  nx_os  Match  4.2\(1\)sv1\(4\)
OR
cisco  nx_os  Match  4.2\(1\)sv1\(4a\)
OR
cisco  nx_os  Match  4.2\(1\)sv1\(4b\)
OR
cisco  nx_os  Match  4.2\(1\)sv1\(5.1\)
OR
cisco  nx_os  Match  4.2\(1\)sv1\(5.1a\)
OR
cisco  nx_os  Match  4.2\(1\)sv1\(5.2\)
OR
cisco  nx_os  Match  4.2\(1\)sv1\(5.2b\)
OR
cisco  nx_os  Match  5.2\(1\)sm1\(5.1\)
OR
cisco  web_security_virtual_appliance  Match  1000v_series_switches

Vendor  Product      Version          CPE
cisco   nx_os        4.2(1)sv1        cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1:*:*:*:*:*:*:*
cisco   nx_os        5.2(1)sm1        cpe:2.3:o:cisco:nx_os:5.2\(1\)sm1:*:*:*:*:*:*:*
cisco   nexus_1000v  any              cpe:2.3:h:cisco:nexus_1000v:any:*:*:*:*:nexus_1000v:*:*
cisco   nx_os        4.2(1)sv1(4)     cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(4\):*:*:*:*:*:*:*
cisco   nx_os        4.2(1)sv1(4a)    cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(4a\):*:*:*:*:*:*:*
cisco   nx_os        4.2(1)sv1(4b)    cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(4b\):*:*:*:*:*:*:*
cisco   nx_os        4.2(1)sv1(5.1)   cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.1\):*:*:*:*:*:*:*
cisco   nx_os        4.2(1)sv1(5.1a)  cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.1a\):*:*:*:*:*:*:*
cisco   nx_os        4.2(1)sv1(5.2)   cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.2\):*:*:*:*:*:*:*
cisco   nx_os        4.2(1)sv1(5.2b)  cpe:2.3:o:cisco:nx_os:4.2\(1\)sv1\(5.2b\):*:*:*:*:*:*:*
