Cisco NX-OS Multiple Vulnerabilities (cisco-sa-20140521-nxos)

high Nessus Plugin ID 74241

Synopsis

The remote device is running a vulnerable version of NX-OS.

Description

According to its self-reported version, the remote NX-OS device is reportedly affected by one or more of the following vulnerabilities :

- A privilege escalation flaw exists on systems with multiple virtual device contexts (VDCs) and local authentication configured. This could allow a remote, authenticated attacker to gain the privileges of an administrator in another VDC. Affects Nexus 7000 series devices. (CVE-2013-1191)

- A privilege escalation flaw exists on systems with multiple virtual device contexts (VDCs) and local authentication configured. This could allow a remote, authenticated attacker to gain the privileges of an administrator in another VDC. Affects Nexus 7000 series devices. (CVE-2014-2200).

- A buffer overflow flaw exists with the Smart Call Home feature. A remote attacker, with control of a configured SMTP server, could execute arbitrary code with elevated privileges. (CVE-2014-3261)

- A denial of service flaw exists with the Message Transfer Service (MTS) due to a NULL pointer dereference. This could allow a remote attacker to trigger a denial of service. Note that Cisco has investigated the issue, and has found that no official releases are affected. Only pre-release versions of NX-OS 6.0 are affected. (CVE-2014-2201)

Solution

Upgrade to 4.1(2)E1(1l) / 5.0(3)U2(2) / 5.1(3)N1(1) / 6.1(5) or later.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=34245

https://tools.cisco.com/security/center/viewAlert.x?alertId=34246

https://tools.cisco.com/security/center/viewAlert.x?alertId=34247

https://tools.cisco.com/security/center/viewAlert.x?alertId=34248

http://www.nessus.org/u?46c36c82

https://seclists.org/bugtraq/2014/May/122

Plugin Details

Severity: High

ID: 74241

File Name: cisco-sa-20140521-nxos.nasl

Version: 1.9

Type: combined

Family: CISCO

Published: 5/30/2014

Updated: 11/26/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2014-3261

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Device, Host/Cisco/NX-OS/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 5/21/2014

Vulnerability Publication Date: 5/21/2014

Reference Information

CVE: CVE-2013-1191, CVE-2014-2200, CVE-2014-2201, CVE-2014-3261

BID: 67571, 67574, 67575, 67578