CVE-2013-1191 - OpenCVE

Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Nexus 7000 Nexus 7000 10-slot Nexus 7000 18-slot Nexus 7000 9-slot Nx-os

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:nx-os:6.1:::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(2\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(3\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(4\):::::::*
	cpe:2.3:o:cisco:nx-os:6.1\(4a\):::::::*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_10-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_18-slot:-:::::::*
	cpe:2.3:h:cisco:nexus_7000_9-slot:-:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-05-24T01:00:00

Updated: 2024-08-06T14:57:02.960Z

Reserved: 2013-01-11T00:00:00

Link: CVE-2013-1191

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-05-26T00:25:31.673

Modified: 2014-05-27T16:05:21.940

Link: CVE-2013-1191

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-24T01:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-1191", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:57:02.960Z"}, "title": "CVE Program Container", "references": [{"name": "20140521 Multiple Vulnerabilities in Cisco NX-OS-Based Products", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-1191", "datePublished": "2014-05-24T01:00:00", "dateReserved": "2013-01-11T00:00:00", "dateUpdated": "2024-08-06T14:57:02.960Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65FED959-8185-46B8-863E-1C29B2B6D729", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "C6F882AB-C25D-477F-96BF-7001BB77B955", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "35E48EE6-C498-4E13-AC5E-28F6B4391725", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "A3B41075-01D1-4832-A025-07A378F2A5E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "858E4134-643C-422C-8441-5372F4BC25D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:6.1\\(4a\\):*:*:*:*:*:*:*", "matchCriteriaId": "A12BFDB0-4B90-4EB6-9CBE-A7A33C57EA9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22B3865-30E9-4B5A-A37D-DC33F1150FFE", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "459A7F11-52BF-4AD6-B495-4C4D6C050493", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB73543E-9B5B-4BA9-8FB4-666AF5AC8B6B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400."}, {"lang": "es", "value": "Cisco NX-OS 6.1 anterior a 6.1(5) en dispositivos Nexus 7000, cuando autenticaci\u00f3n local y m\u00faltiples VDCs est\u00e1n habilitadas, permite a usuarios remotos autenticados ganar privilegios dentro de una VDC no intencionada a trav\u00e9s de datos de claves SSH manipulados en una sesi\u00f3n hacia una interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug ID CSCud88400."}], "id": "CVE-2013-1191", "lastModified": "2014-05-27T16:05:21.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-26T00:25:31.673", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}