cvelistv5 - cve-2015-4232

CVE-2015-4232 (GCVE-0-2015-4232)

Vulnerability from cvelistv5

Published

2015-07-03 10:00

Modified

2024-08-06 06:11

Severity ?

CWE

Summary

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-3hq6-jjwr-fjv7

Vulnerability from github

Published

2022-05-17 03:14

Modified

2022-05-17 03:14

Details

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4232"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-03T10:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.",
  "id": "GHSA-3hq6-jjwr-fjv7",
  "modified": "2022-05-17T03:14:03Z",
  "published": "2022-05-17T03:14:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4232"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75503"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032764"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2015-4232

Vulnerability from fkie_nvd

Published

2015-07-03 10:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39569	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/75503	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1032764	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39569	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75503	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032764	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	nx-os	6.2\(10\)
cisco	mds_9100	-
cisco	mds_9200	-
cisco	mds_9500	-
cisco	mds_9700	-
cisco	nexus_93120tx	-
cisco	nexus_93128tx	-
cisco	nexus_9332pq	-
cisco	nexus_9336pq_aci_spine	-
cisco	nexus_9372px	-
cisco	nexus_9372tx	-
cisco	nexus_9396px	-
cisco	nexus_9396tx	-
cisco	nexus_9504	-
cisco	nexus_9508	-
cisco	nexus_9516	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.2\\(10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED7B1216-4C4F-4A23-9474-23876649ABF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54C0D908-D7BA-48C3-9963-14A3A32A2662",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:mds_9200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B25B92ED-37C0-4653-9C5E-B4C13C46464C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:mds_9500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2374E02D-46FE-477F-A74D-49E72149E6EC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:mds_9700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C44335D8-8A78-486C-A325-9691FA4C3271",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856."
    },
    {
      "lang": "es",
      "value": "Cisco NX-OS 6.2(10) en los dispositivos Nexus y MDS 9000 permite a usuarios locales ejecutar comandos del sistema operativo arbitrarios mediante la entrada de par\u00e1metro tar manipulados en la interfaz l\u00edneas de comando, tambi\u00e9n conocido como Bug ID CSCus44856."
    }
  ],
  "id": "CVE-2015-4232",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-03T10:59:01.343",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75503"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032764"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2015-4232

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

Aliases

CVE-2015-4232

Aliases

CVE-2015-4232

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4232",
    "description": "Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.",
    "id": "GSD-2015-4232"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4232"
      ],
      "details": "Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.",
      "id": "GSD-2015-4232",
      "modified": "2023-12-13T01:19:59.208334Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4232",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150630 Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569"
          },
          {
            "name": "1032764",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032764"
          },
          {
            "name": "75503",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75503"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.2\\(10\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:mds_9700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4232"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150630 Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569"
            },
            {
              "name": "75503",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/75503"
            },
            {
              "name": "1032764",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032764"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-28T17:18Z",
      "publishedDate": "2015-07-03T10:59Z"
    }
  }
}

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. Cisco Nexus and MDS 9000 Run on device Cisco NX-OS Any OS A command execution vulnerability exists. Nexus is Cisco's line of network switches designed for data centers. On the command line interpreter of the Cisco Nexus device, the parameter input filtering of the tar command is invalid. There are multiple privilege escalation vulnerabilities. An authenticated local attacker can use this vulnerability to gain elevated privileges and execute arbitrary commands on the underlying operating system. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Cisco NX-OS Software for Nexus Series is prone to a local privilege-escalation vulnerability. This issue is being tracked by Cisco Bug ID CSCus44856

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0520",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.2\\(10\\)"
      },
      {
        "model": "mds 9100 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mds 9200 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mds 9500",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "mds 9700",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 93120tx switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 93128tx switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9332pq switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9336pq aci spini switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9372px switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9372tx switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9396px switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9396tx switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9504 switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9508 switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus 9516 switch",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2(10)"
      },
      {
        "model": "mds nx-os software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9000\u003e=6.2(10)"
      },
      {
        "model": "nexus nx-os software",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6.2(10)"
      },
      {
        "model": "nx-os 6.2 (on nexus and mds",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9000)"
      },
      {
        "model": "nx-os software for nexus series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70006.2(10)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "BID",
        "id": "75503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:mds_9100",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:mds_9200",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:mds_9500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:mds_9700",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_93120tx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_93128tx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9332pq",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9336pq_aci_spine",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9372px",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9372tx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9396px",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9396tx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9504",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9508",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:cisco:nexus_9516",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:cisco:nx-os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jens Krabbenhoeft",
    "sources": [
      {
        "db": "BID",
        "id": "75503"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4232",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-4232",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2015-04196",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.1,
            "id": "CNVD-2015-04580",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-82193",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4232",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4232",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-04196",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-04580",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-091",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82193",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. Cisco Nexus and MDS 9000 Run on device Cisco NX-OS Any OS A command execution vulnerability exists. Nexus is Cisco\u0027s line of network switches designed for data centers. On the command line interpreter of the Cisco Nexus device, the parameter input filtering of the tar command is invalid. There are multiple privilege escalation vulnerabilities. An authenticated local attacker can use this vulnerability to gain elevated privileges and execute arbitrary commands on the underlying operating system. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. Cisco NX-OS Software for Nexus Series is prone to a local privilege-escalation vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCus44856",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4232"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "BID",
        "id": "75503"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82193"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4232",
        "trust": 4.0
      },
      {
        "db": "BID",
        "id": "75503",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032764",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-82193",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82193"
      },
      {
        "db": "BID",
        "id": "75503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "id": "VAR-201507-0520",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82193"
      }
    ],
    "trust": 2.12954545
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 1.2
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:09:14.867000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39569",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569"
      },
      {
        "title": "Patch for Cisco Nexus Device NS-OS Software Command Line Interpreter Local Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/60299"
      },
      {
        "title": "Patch for Cisco NX-OS \u0027tar\u0027 Command Verify Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/60928"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39569"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/75503"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032764"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4232"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4232"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82193"
      },
      {
        "db": "BID",
        "id": "75503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82193"
      },
      {
        "db": "BID",
        "id": "75503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "date": "2015-07-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82193"
      },
      {
        "date": "2015-06-30T00:00:00",
        "db": "BID",
        "id": "75503"
      },
      {
        "date": "2015-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "date": "2015-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      },
      {
        "date": "2015-07-03T10:59:01.343000",
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04196"
      },
      {
        "date": "2015-07-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04580"
      },
      {
        "date": "2016-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82193"
      },
      {
        "date": "2015-06-30T00:00:00",
        "db": "BID",
        "id": "75503"
      },
      {
        "date": "2015-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      },
      {
        "date": "2015-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      },
      {
        "date": "2024-11-21T02:30:40.970000",
        "db": "NVD",
        "id": "CVE-2015-4232"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "75503"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus and  MDS 9000 Run on device  Cisco NX-OS In any  OS Command execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003467"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-091"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2015-04580

Vulnerability from cnvd

Title

Cisco NX-OS 'tar'命令校验权限提升漏洞

Description

Cisco NX-OS软件是一个数据中心级的操作系统,该操作系统体现模块化设计、永续性和可维护性。 Cisco NX-OS存在安全漏洞，允许本地用户通过命令解释器，向tar命令提交特殊的参数值，执行任意系统命令。

Severity

中

Patch Name

Cisco NX-OS 'tar'命令校验权限提升漏洞的补丁

Patch Description

Cisco NX-OS软件是一个数据中心级的操作系统,该操作系统体现模块化设计、永续性和可维护性。Cisco NX-OS存在安全漏洞，允许本地用户通过命令解释器，向tar命令提交特殊的参数值，执行任意系统命令。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://tools.cisco.com/security/center/viewAlert.x?alertId=39569

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39569

Impacted products

Name
Cisco NX-OS 6.2(10)(on Nexus and MDS 9000 )

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75503"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4232"
    }
  },
  "description": "Cisco NX-OS\u8f6f\u4ef6\u662f\u4e00\u4e2a\u6570\u636e\u4e2d\u5fc3\u7ea7\u7684\u64cd\u4f5c\u7cfb\u7edf,\u8be5\u64cd\u4f5c\u7cfb\u7edf\u4f53\u73b0\u6a21\u5757\u5316\u8bbe\u8ba1\u3001\u6c38\u7eed\u6027\u548c\u53ef\u7ef4\u62a4\u6027\u3002\r\n\r\nCisco NX-OS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u547d\u4ee4\u89e3\u91ca\u5668\uff0c\u5411tar\u547d\u4ee4\u63d0\u4ea4\u7279\u6b8a\u7684\u53c2\u6570\u503c\uff0c\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Jens Krabbenhoeft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39569",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04580",
  "openTime": "2015-07-16",
  "patchDescription": "Cisco NX-OS\u8f6f\u4ef6\u662f\u4e00\u4e2a\u6570\u636e\u4e2d\u5fc3\u7ea7\u7684\u64cd\u4f5c\u7cfb\u7edf,\u8be5\u64cd\u4f5c\u7cfb\u7edf\u4f53\u73b0\u6a21\u5757\u5316\u8bbe\u8ba1\u3001\u6c38\u7eed\u6027\u548c\u53ef\u7ef4\u62a4\u6027\u3002Cisco NX-OS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u547d\u4ee4\u89e3\u91ca\u5668\uff0c\u5411tar\u547d\u4ee4\u63d0\u4ea4\u7279\u6b8a\u7684\u53c2\u6570\u503c\uff0c\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco NX-OS \u0027tar\u0027\u547d\u4ee4\u6821\u9a8c\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco NX-OS 6.2(10)(on Nexus and MDS 9000 )"
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-15",
  "title": "Cisco NX-OS \u0027tar\u0027\u547d\u4ee4\u6821\u9a8c\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

cnvd-2015-04196

Vulnerability from cnvd

Title

Cisco Nexus设备NS-OS软件命令行解释器本地权限提升漏洞

Description

Nexus是思科的网络交换机系列产品，专为数据中心设计。 Cisco Nexus设备的命令行解释器上，tar命令的参数输入过滤无效，存在多个权限提升漏洞，经过身份验证的本地攻击者利用此漏洞可以获取提升的权限，在下层操作系统上执行任意命令。

Severity

中

Patch Name

Cisco Nexus设备NS-OS软件命令行解释器本地权限提升漏洞的补丁

Patch Description

Nexus是思科的网络交换机系列产品，专为数据中心设计。Cisco Nexus设备的命令行解释器上，tar命令的参数输入过滤无效，存在多个权限提升漏洞，经过身份验证的本地攻击者利用此漏洞可以获取提升的权限，在下层操作系统上执行任意命令。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了安全公告及相关升级补丁,修复了此安全问题,请到厂商主页下载: http://tools.cisco.com/security/center/viewAlert.x?alertId=39569

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39569

Impacted products

Name
['Cisco MDS 9000 NX-OS Software >=6.2(10)', 'Cisco Nexus NX-OS Software >=6.2(10)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4232"
    }
  },
  "description": "Nexus\u662f\u601d\u79d1\u7684\u7f51\u7edc\u4ea4\u6362\u673a\u7cfb\u5217\u4ea7\u54c1\uff0c\u4e13\u4e3a\u6570\u636e\u4e2d\u5fc3\u8bbe\u8ba1\u3002\r\n\r\nCisco Nexus\u8bbe\u5907\u7684\u547d\u4ee4\u884c\u89e3\u91ca\u5668\u4e0a\uff0ctar\u547d\u4ee4\u7684\u53c2\u6570\u8f93\u5165\u8fc7\u6ee4\u65e0\u6548\uff0c\u5b58\u5728\u591a\u4e2a\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4ee5\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\uff0c\u5728\u4e0b\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Jens Krabbenhoeft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u5347\u7ea7\u8865\u4e01,\u4fee\u590d\u4e86\u6b64\u5b89\u5168\u95ee\u9898,\u8bf7\u5230\u5382\u5546\u4e3b\u9875\u4e0b\u8f7d:\r\nhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39569",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04196",
  "openTime": "2015-07-03",
  "patchDescription": "Nexus\u662f\u601d\u79d1\u7684\u7f51\u7edc\u4ea4\u6362\u673a\u7cfb\u5217\u4ea7\u54c1\uff0c\u4e13\u4e3a\u6570\u636e\u4e2d\u5fc3\u8bbe\u8ba1\u3002Cisco Nexus\u8bbe\u5907\u7684\u547d\u4ee4\u884c\u89e3\u91ca\u5668\u4e0a\uff0ctar\u547d\u4ee4\u7684\u53c2\u6570\u8f93\u5165\u8fc7\u6ee4\u65e0\u6548\uff0c\u5b58\u5728\u591a\u4e2a\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4ee5\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\uff0c\u5728\u4e0b\u5c42\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Nexus\u8bbe\u5907NS-OS\u8f6f\u4ef6\u547d\u4ee4\u884c\u89e3\u91ca\u5668\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco MDS 9000 NX-OS Software \u003e=6.2(10)",
      "Cisco Nexus NX-OS Software \u003e=6.2(10)"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39569",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-02",
  "title": "Cisco Nexus\u8bbe\u5907NS-OS\u8f6f\u4ef6\u547d\u4ee4\u884c\u89e3\u91ca\u5668\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-4232 (GCVE-0-2015-4232)

Vulnerability from cvelistv5

ghsa-3hq6-jjwr-fjv7

Vulnerability from github

fkie_cve-2015-4232

Vulnerability from fkie_nvd

gsd-2015-4232

Vulnerability from gsd

var-201507-0520

Vulnerability from variot

cnvd-2015-04580

Vulnerability from cnvd

cnvd-2015-04196

Vulnerability from cnvd

Tags

Sightings

Nomenclature