Lucene search

CiscoCVE-2016-1455

HistoryOct 05, 2016 - 8:59 p.m.

CVE-2016-1455

2016-10-0520:59:00

CWE-200

cisco

web.nvd.nist.gov

cve

2016

1455

cisco

nx-os

iptables

configuration

remote attackers

sensitive information

tcp

udp

bug id

cscuz05365

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.

Affected configurations

Nvd

Node

cisconx-osMatch7.0\(3\)

cisconx-osMatch7.0\(3\)i1\(1\)

cisconx-osMatch7.0\(3\)i1\(1a\)

cisconx-osMatch7.0\(3\)i1\(1b\)

cisconx-osMatch7.0\(3\)i1\(2\)

AND

cisconexus_93128Match-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

cisconexus_n9336pqMatch-

VendorProductVersionCPE
cisconx-os7.0(3)cpe:2.3:o:cisco:nx-os:7.0\(3\):*:*:*:*:*:*:*
cisconx-os7.0(3)i1(1)cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1\):*:*:*:*:*:*:*
cisconx-os7.0(3)i1(1a)cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1a\):*:*:*:*:*:*:*
cisconx-os7.0(3)i1(1b)cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1b\):*:*:*:*:*:*:*
cisconx-os7.0(3)i1(2)cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(2\):*:*:*:*:*:*:*
cisconexus_93128-cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*
cisconexus_9396px-cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*
cisconexus_9396tx-cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*
cisconexus_9504-cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*
cisconexus_9508-cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx-os	7.0(3)	cpe:2.3:o:cisco:nx-os:7.0\(3\):::::::*
cisco	nx-os	7.0(3)i1(1)	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1\):::::::*
cisco	nx-os	7.0(3)i1(1a)	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1a\):::::::*
cisco	nx-os	7.0(3)i1(1b)	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1b\):::::::*
cisco	nx-os	7.0(3)i1(2)	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(2\):::::::*
cisco	nexus_93128	-	cpe:2.3:h:cisco:nexus_93128:-:::::::*
cisco	nexus_9396px	-	cpe:2.3:h:cisco:nexus_9396px:-:::::::*
cisco	nexus_9396tx	-	cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
cisco	nexus_9504	-	cpe:2.3:h:cisco:nexus_9504:-:::::::*
cisco	nexus_9508	-	cpe:2.3:h:cisco:nexus_9508:-:::::::*

Rows per page:

1-10 of 121

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo

www.securityfocus.com/bid/93415

www.securitytracker.com/id/1036957

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

Related for CVE-2016-1455