CVE-2013-1191

Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os:6.1:::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(2\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(3\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(4\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(4a\):::::::*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_9-slot:-:::::::*

History

21 Nov 2024, 01:49

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos - Vendor Advisory

Information

Published : 2014-05-26 00:25

Updated : 2024-11-21 01:49

NVD link : CVE-2013-1191

Mitre link : CVE-2013-1191

CVE.ORG link : CVE-2013-1191

JSON object : View

Products Affected

cisco

nexus_7000_9-slot
nx-os
nexus_7000_18-slot
nexus_7000_10-slot
nexus_7000

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-1191", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-26T00:25:31.673", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."}, {"lang": "es", "value": "Cisco NX-OS 6.1 anterior a 6.1(5) en dispositivos Nexus 7000, cuando autenticaci\u00f3n local y m\u00faltiples VDCs est\u00e1n habilitadas, permite a usuarios remotos autenticados ganar privilegios dentro de una VDC no intencionada a trav\u00e9s de datos de claves SSH manipulados en una sesi\u00f3n hacia una interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug ID CSCud88400."}], "lastModified": "2024-11-21T01:49:05.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65FED959-8185-46B8-863E-1C29B2B6D729"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F882AB-C25D-477F-96BF-7001BB77B955"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35E48EE6-C498-4E13-AC5E-28F6B4391725"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B41075-01D1-4832-A025-07A378F2A5E6"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(4\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "858E4134-643C-422C-8441-5372F4BC25D8"}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(4a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A12BFDB0-4B90-4EB6-9CBE-A7A33C57EA9E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE"}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493"}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}