Cisco NX-OS Arbitrary File Read Vulnerability (CSCul05217 / CSCul23419)

medium Nessus Plugin ID 77284

Synopsis

The remote device is running a vulnerable version of NX-OS.

Description

According to its self-reported version, the remote NX-OS device is affected by a directory traversal vulnerability due to improper filtering of user input in its command line interface (CLI). An authenticated, local attacker could access arbitrary files on the device.

Solution

See the referenced Cisco bug IDs to obtain the appropriate vendor supplied patch.

See Also

http://www.nessus.org/u?6f209030

https://tools.cisco.com/security/center/viewAlert.x?alertId=34260

Plugin Details

Severity: Medium

ID: 77284

File Name: cisco-sn-CVE-2013-6975-nxos.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 8/20/2014

Updated: 10/29/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 5/15/2014

Vulnerability Publication Date: 5/15/2014

Reference Information

CVE: CVE-2013-6975

BID: 67426

CISCO-BUG-ID: CSCul05217, CSCul23419