CVE-2016-1455 - OpenCVE

Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Nexus 93128 Nexus 9396px Nexus 9396tx Nexus 9504 Nexus 9508 Nexus 9516 Nexus N9336pq Nx-os

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:nx-os:7.0\(3\):::::::*
	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1a\):::::::*
	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(1b\):::::::*
	cpe:2.3:o:cisco:nx-os:7.0\(3\)i1\(2\):::::::*

OR	cpe:2.3:h:cisco:nexus_93128:-:::::::*
	cpe:2.3:h:cisco:nexus_9396px:-:::::::*
	cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9504:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_9516:-:::::::*
	cpe:2.3:h:cisco:nexus_n9336pq:-:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo
http://www.securityfocus.com/bid/93415
http://www.securitytracker.com/id/1036957

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-10-05T20:00:00

Updated: 2024-08-05T22:55:14.567Z

Reserved: 2016-01-04T00:00:00

Link: CVE-2016-1455

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-10-05T20:59:00.180

Modified: 2022-04-05T19:22:33.137

Link: CVE-2016-1455

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-29T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "93415", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93415"}, {"name": "1036957", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036957"}, {"name": "20161005 Cisco Nexus 9000 Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1455", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93415", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93415"}, {"name": "1036957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036957"}, {"name": "20161005 Cisco Nexus 9000 Information Disclosure Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.567Z"}, "title": "CVE Program Container", "references": [{"name": "93415", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93415"}, {"name": "1036957", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036957"}, {"name": "20161005 Cisco Nexus 9000 Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1455", "datePublished": "2016-10-05T20:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.567Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "108374E9-8814-41C4-9474-6EE3AF24D71F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i1\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "58BC9769-F3CD-4047-8C86-8C09FB2AB0F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i1\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "4C775E53-781D-4426-A59B-DB65D697A844", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i1\\(1b\\):*:*:*:*:*:*:*", "matchCriteriaId": "619DEAAE-3356-4079-8CC8-F477FCA18199", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "99909A45-A094-4706-B2BA-C6E352235724", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*", "matchCriteriaId": "F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", "matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:nexus_n9336pq:-:*:*:*:*:*:*:*", "matchCriteriaId": "2222B619-10DD-4CDF-B52B-D10F21436707", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365."}, {"lang": "es", "value": "Cisco NX-OS en versiones anteriores a 7.0(3)I2(2e) y 7.0(3)I4 en versiones anteriores a 7.0(3)I4(1) tiene una configuraci\u00f3n de la interfaz local de iptables incorrecta, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s del tr\u00e1fico TCP o UDP, vulnerabilidad tambi\u00e9n conocida como Bug ID CSCuz05365."}], "id": "CVE-2016-1455", "lastModified": "2022-04-05T19:22:33.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-05T20:59:00.180", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/93415"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036957"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}