CVE-2013-1191 - OpenCVE

Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Nexus 7000 10-slot Nexus 7000 9-slot Nx-os Nexus 7000 Nexus 7000 18-slot

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:nx-os:6.1:::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(2\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(3\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(4\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(4a\):::::::*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_9-slot:-:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2014-05-24T01:00:00

Updated: 2014-05-24T01:57:00

Reserved: 2013-01-11T00:00:00

Link: CVE-2013-1191

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-05-26T00:25:31.673

Modified: 2014-05-27T16:05:21.940

Link: CVE-2013-1191

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-24T01:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-1191", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-1191", "datePublished": "2014-05-24T01:00:00", "dateReserved": "2013-01-11T00:00:00", "dateUpdated": "2014-05-24T01:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65FED959-8185-46B8-863E-1C29B2B6D729", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "C6F882AB-C25D-477F-96BF-7001BB77B955", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "35E48EE6-C498-4E13-AC5E-28F6B4391725", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "A3B41075-01D1-4832-A025-07A378F2A5E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "858E4134-643C-422C-8441-5372F4BC25D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(4a\\):*:*:*:*:*:*:*", "matchCriteriaId": "A12BFDB0-4B90-4EB6-9CBE-A7A33C57EA9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."}, {"lang": "es", "value": "Cisco NX-OS 6.1 anterior a 6.1(5) en dispositivos Nexus 7000, cuando autenticaci\u00f3n local y m\u00faltiples VDCs est\u00e1n habilitadas, permite a usuarios remotos autenticados ganar privilegios dentro de una VDC no intencionada a trav\u00e9s de datos de claves SSH manipulados en una sesi\u00f3n hacia una interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug ID CSCud88400."}], "id": "CVE-2013-1191", "lastModified": "2014-05-27T16:05:21.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-26T00:25:31.673", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}