Cisco-SA-20131223-CVE-2012-4131

Cisco NX-OS Arbitrary File Access Vulnerability

Cisco-SA-20131223-CVE-2012-4131 · Medium · Published 12 years ago · Updated 12 years ago

A vulnerability in the Command Line Interface (CLI) of the Cisco NX-OS Software could allow an authenticated, local attacker to access arbitrary files on the device. The vulnerability is due to improper filtering of user input. An attacker could exploit this vulnerability by leveraging the tar command to perform a directory traversal attack. An exploit could allow the attacker to access arbitrary files on an affected device. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit this vulnerability, an attacker must have local access to the targeted device. This access requirement decreases the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

CVEs	CVE-2012-4131
Cisco Bug IDs	CSCty07157, CSCty07159, CSCty07162, CSCty07164
CVSS Score	Base 4.3 Base 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:U/RC:C
Product Names From Source	Cisco Virtual Security Gateway for Nexus 1000V Series Switches, Cisco Nexus 1000V InterCloud for VMware, Cisco NX-OS Software 4.1(2), Cisco NX-OS Software 4.1(3), Cisco NX-OS Software 4.1(4), Cisco NX-OS Software 4.1(5), Cisco NX-OS Software 5.0(2a), Cisco NX-OS Software 5.0(3), Cisco NX-OS Software 5.0(5), Cisco NX-OS Software 4.2(2a), Cisco NX-OS Software 4.2(3), Cisco NX-OS Software 4.2(4), Cisco NX-OS Software 4.2(6), Cisco NX-OS Software 4.2(8), Cisco NX-OS Software 5.1(1), Cisco NX-OS Software 5.1(1a), Cisco NX-OS Software 5.1(3), Cisco NX-OS Software 5.1(4), Cisco NX-OS Software 5.1(5), Cisco NX-OS Software 5.1(6), Cisco NX-OS Software 5.2(1), Cisco NX-OS Software 5.2(3a), Cisco NX-OS Software 5.2(4), Cisco NX-OS Software 5.2(5), Cisco NX-OS Software 5.2(7), Cisco NX-OS Software 5.2(9), Cisco NX-OS Software 6.1(1), Cisco NX-OS Software 6.1(2), Cisco NX-OS Software 6.1(3), Cisco NX-OS Software 6.1(4), Cisco NX-OS Software 6.1(4a), Cisco NX-OS Software 4.0(0)N1(1a), Cisco NX-OS Software 4.0(0)N1(2), Cisco NX-OS Software 4.0(0)N1(2a), Cisco NX-OS Software 4.0(1a)N1(1), Cisco NX-OS Software 4.0(1a)N1(1a), Cisco NX-OS Software 4.0(1a)N2(1), Cisco NX-OS Software 4.0(1a)N2(1a), Cisco NX-OS Software 4.1(3)N1(1), Cisco NX-OS Software 4.1(3)N1(1a), Cisco NX-OS Software 4.1(3)N2(1), Cisco NX-OS Software 4.1(3)N2(1a), Cisco NX-OS Software 4.2(1)N1(1), Cisco NX-OS Software 4.2(1)N2(1), Cisco NX-OS Software 4.2(1)N2(1a), Cisco NX-OS Software 4.2(1)SV1(4), Cisco NX-OS Software 4.2(1)SV1(4a), Cisco NX-OS Software 4.2(1)SV1(4b), Cisco NX-OS Software 4.2(1)SV1(5.1), Cisco NX-OS Software 4.2(1)SV1(5.1a), Cisco NX-OS Software 4.2(1)SV1(5.2), Cisco NX-OS Software 4.2(1)SV1(5.2b), Cisco NX-OS Software 4.2(1)SV2(1.1), Cisco NX-OS Software 4.2(1)SV2(1.1a), Cisco NX-OS Software 5.0(2)N1(1), Cisco NX-OS Software 5.0(2)N2(1), Cisco NX-OS Software 5.0(2)N2(1a), Cisco NX-OS Software 5.0(3)N1(1c), Cisco NX-OS Software 5.0(3)N2(1), Cisco NX-OS Software 5.0(3)N2(2), Cisco NX-OS Software 5.0(3)N2(2a), Cisco NX-OS Software 5.0(3)N2(2b), Cisco NX-OS Software 5.0(3)U1(1), Cisco NX-OS Software 5.0(3)U1(1a), Cisco NX-OS Software 5.0(3)U1(1b), Cisco NX-OS Software 5.0(3)U1(1d), Cisco NX-OS Software 5.0(3)U1(2), Cisco NX-OS Software 5.0(3)U1(2a), Cisco NX-OS Software 5.0(3)U2(1), Cisco NX-OS Software 5.0(3)U2(2), Cisco NX-OS Software 5.0(3)U2(2a), Cisco NX-OS Software 5.0(3)U2(2b), Cisco NX-OS Software 5.0(3)U2(2c), Cisco NX-OS Software 5.0(3)U2(2d), Cisco NX-OS Software 5.0(3)U3(1), Cisco NX-OS Software 5.0(3)U3(2), Cisco NX-OS Software 5.0(3)U3(2a), Cisco NX-OS Software 5.0(3)U3(2b), Cisco NX-OS Software 5.0(3)U4(1), Cisco NX-OS Software 5.0(3)U5(1), Cisco NX-OS Software 5.0(3)U5(1a), Cisco NX-OS Software 5.0(3)U5(1b), Cisco NX-OS Software 5.0(3)U5(1c), Cisco NX-OS Software 5.0(3)U5(1d), Cisco NX-OS Software 5.0(3)U5(1e), Cisco NX-OS Software 5.0(3)U5(1f), Cisco NX-OS Software 5.0(3)U5(1g), Cisco NX-OS Software 5.0(3)U5(1h), Cisco NX-OS Software 5.1(3)N1(1), Cisco NX-OS Software 5.1(3)N1(1a), Cisco NX-OS Software 5.1(3)N2(1), Cisco NX-OS Software 5.1(3)N2(1a), Cisco NX-OS Software 5.1(3)N2(1b), Cisco NX-OS Software 5.1(3)N2(1c), Cisco NX-OS Software 5.2(1)N1(1), Cisco NX-OS Software 5.2(1)N1(1a), Cisco NX-OS Software 5.2(1)N1(1b), Cisco NX-OS Software 5.2(1)N1(2), Cisco NX-OS Software 5.2(1)N1(2a), Cisco NX-OS Software 5.2(1)N1(3), Cisco NX-OS Software 5.2(1)N1(4), Cisco NX-OS Software 5.2(1)N1(5), Cisco NX-OS Software 5.2(1)N1(6), Cisco NX-OS Software 5.2(1)SM1(5.1), Cisco NX-OS Software 6.0(1), Cisco NX-OS Software 6.0(2), Cisco NX-OS Software 6.0(3), Cisco NX-OS Software 6.0(4), Cisco NX-OS Software 6.0(2)U1(1), Cisco NX-OS Software 6.0(2)U1(2), Cisco NX-OS Software 6.0(2)U1(1a), Cisco NX-OS Software 6.0(2)U1(3), Cisco NX-OS Software

Related Products

Product	CVE	Evidence
Cisco Virtual Security Gateway for Nexus 1000V Series Switches	CVE-2012-4131	Cisco OpenVuln
Cisco Nexus 1000V InterCloud for VMware	CVE-2012-4131	Cisco OpenVuln
Cisco NX-OS Software	CVE-2012-4131	Cisco OpenVuln

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco NX-OS Arbitrary File Access Vulnerability

Workarounds

Related Products