CVE-2012-4090 - OpenCVE

The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Nexus 7000 Nexus 7000 10-slot Nexus 7000 18-slot Nexus 7000 9-slot Nx-os

Configuration 1 [-]

AND

cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_9-slot:-:::::::*

No data.

References

Link	Providers
http://osvdb.org/98123
http://secunia.com/advisories/55206
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090
http://www.securityfocus.com/bid/62841
http://www.securitytracker.com/id/1029158
https://exchange.xforce.ibmcloud.com/vulnerabilities/87670

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2013-10-05T10:00:00

Updated: 2024-08-06T20:28:07.677Z

Reserved: 2012-07-31T00:00:00

Link: CVE-2012-4090

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-10-05T10:55:03.307

Modified: 2017-08-29T01:32:09.900

Link: CVE-2012-4090

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "cisco-nxos-cve20124090-info-disc(87670)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87670"}, {"name": "62841", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62841"}, {"name": "98123", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/98123"}, {"name": "1029158", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029158"}, {"name": "20131004 Cisco Nexus 7000 Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090"}, {"name": "55206", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55206"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-4090", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cisco-nxos-cve20124090-info-disc(87670)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87670"}, {"name": "62841", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62841"}, {"name": "98123", "refsource": "OSVDB", "url": "http://osvdb.org/98123"}, {"name": "1029158", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029158"}, {"name": "20131004 Cisco Nexus 7000 Information Disclosure Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090"}, {"name": "55206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55206"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:07.677Z"}, "title": "CVE Program Container", "references": [{"name": "cisco-nxos-cve20124090-info-disc(87670)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87670"}, {"name": "62841", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62841"}, {"name": "98123", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/98123"}, {"name": "1029158", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029158"}, {"name": "20131004 Cisco Nexus 7000 Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090"}, {"name": "55206", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55206"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-4090", "datePublished": "2013-10-05T10:00:00", "dateReserved": "2012-07-31T00:00:00", "dateUpdated": "2024-08-06T20:28:07.677Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA35D4AA-24B3-428E-84ED-804EF941E9A9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089."}, {"lang": "es", "value": "La interfaz de gesti\u00f3n en Cisco NX-OS en dispositivos Nexus 7000 permite a usuarios remotos autenticados obtener informaci\u00f3n de configuraci\u00f3n de archivos sensible mediante el aprovechamiento del rol network-operator, tambi\u00e9n conocido como Bug ID CSCti09089."}], "id": "CVE-2012-4090", "lastModified": "2017-08-29T01:32:09.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-05T10:55:03.307", "references": [{"source": "ykramarz@cisco.com", "url": "http://osvdb.org/98123"}, {"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/55206"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/62841"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1029158"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87670"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}