Published: 21/12/2013 Updated: 23/12/2013

CVSS v2 Base Score: 4.6 | Impact Score: 6.9 | Exploitability Score: 3.1

VMScore: 409

Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N

Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and previous versions allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco nx-os 5.0
cisco nx-os 5.0\\(2\\)n1\\(1\\)
cisco nx-os 5.0\\(2\\)n2\\(1a\\)
cisco nx-os 5.0\\(3\\)n1\\(1b\\)
cisco nx-os 5.0\\(3\\)n2\\(1\\)
cisco nx-os 5.0\\(3\\)u1\\(2\\)
cisco nx-os 5.0\\(3\\)u2\\(1\\)
cisco nx-os 5.0\\(3\\)u3\\(2\\)
cisco nx-os 5.0\\(3\\)u3\\(2b\\)
cisco nx-os 5.0\\(3\\)u5\\(1c\\)
cisco nx-os 5.0\\(3\\)u5\\(1e\\)
cisco nx-os 5.1\\(3\\)n1\\(1\\)
cisco nx-os 5.1\\(4\\)
cisco nx-os 5.2\\(4\\)
cisco nx-os 5.2\\(7\\)
cisco nx-os 4.0\\(0\\)n1\\(2a\\)
cisco nx-os 4.0\\(1a\\)n1\\(1a\\)
cisco nx-os 4.0\\(4\\)sv1\\(3b\\)
cisco nx-os 4.0\\(4\\)sv1\\(3d\\)
cisco nx-os 4.1.\\(4\\)
cisco nx-os 4.2
cisco nx-os 4.2\\(1\\)sv1\\(4\\)
cisco nx-os 4.2\\(1\\)sv1\\(5.1\\)
cisco nx-os
cisco nx-os 6.1
cisco nx-os 6.0\\(1\\)
cisco nx-os 6.0\\(2\\)
cisco nx-os 5.0\\(3\\)n2\\(2a\\)
cisco nx-os 5.0\\(3\\)n2\\(2b\\)
cisco nx-os 5.0\\(3\\)u1\\(1a\\)
cisco nx-os 5.0\\(3\\)u1\\(1b\\)
cisco nx-os 5.0\\(3\\)u4\\(1\\)
cisco nx-os 5.0\\(3\\)u5\\(1\\)
cisco nx-os 5.0\\(3\\)u5\\(1a\\)
cisco nx-os 5.0\\(3\\)u5\\(1b\\)
cisco nx-os 5.1\\(5\\)
cisco nx-os 5.1\\(6\\)
cisco nx-os 5.2
cisco nx-os 5.2\\(1\\)
cisco nx-os 5.2\\(3\\)
cisco nx-os 4.0\\(1a\\)n2\\(1a\\)
cisco nx-os 4.0\\(4\\)sv1\\(1\\)
cisco nx-os 4.0\\(4\\)sv1\\(2\\)
cisco nx-os 4.0\\(4\\)sv1\\(3\\)
cisco nx-os 4.2\\(1\\)
cisco nx-os 4.2\\(1\\)n1\\(1\\)
cisco nx-os 4.2\\(1\\)n2\\(1\\)
cisco nx-os 4.2\\(1\\)n2\\(1a\\)
cisco nx-os 5.0\\(2\\)
cisco nx-os 5.0\\(2\\)n2\\(1\\)
cisco nx-os 5.0\\(3\\)n1\\(1c\\)
cisco nx-os 5.0\\(3\\)n2\\(2\\)
cisco nx-os 5.0\\(3\\)u1\\(1d\\)
cisco nx-os 5.0\\(3\\)u1\\(2a\\)
cisco nx-os 5.0\\(3\\)u3\\(1\\)
cisco nx-os 5.0\\(3\\)u3\\(2a\\)
cisco nx-os 5.0\\(3\\)u5\\(1d\\)
cisco nx-os 5.0\\(5\\)
cisco nx-os 5.1\\(3\\)
cisco nx-os 5.1\\(3\\)n1\\(1a\\)
cisco nx-os 5.2\\(3a\\)
cisco nx-os 5.2\\(5\\)
cisco nx-os 4.0\\(1a\\)n1\\(1\\)
cisco nx-os 4.0\\(1a\\)n2\\(1\\)
cisco nx-os 4.0\\(4\\)sv1\\(3a\\)
cisco nx-os 4.0\\(4\\)sv1\\(3c\\)
cisco nx-os 4.1.\\(3\\)
cisco nx-os 4.1.\\(5\\)
cisco nx-os 4.2\\(1\\)sv1\\(4a\\)
cisco nx-os 4.2\\(2\\)
cisco nx-os 4.2.\\(2a\\)
cisco nx-os 6.1\\(1\\)
cisco nx-os 5.0\\(2a\\)
cisco nx-os 5.0\\(3\\)
cisco nx-os 5.0\\(3\\)n1\\(1\\)
cisco nx-os 5.0\\(3\\)n1\\(1a\\)
cisco nx-os 5.0\\(3\\)u2\\(2\\)
cisco nx-os 5.0\\(3\\)u2\\(2a\\)
cisco nx-os 5.0\\(3\\)u2\\(2b\\)
cisco nx-os 5.0\\(3\\)u2\\(2c\\)
cisco nx-os 5.0\\(3\\)u2\\(2d\\)
cisco nx-os 5.1
cisco nx-os 5.1\\(1\\)
cisco nx-os 5.1\\(1a\\)
cisco nx-os 5.1\\(2\\)
cisco nx-os 5.2\\(9\\)
cisco nx-os 4.0
cisco nx-os 4.0\\(0\\)n1\\(1a\\)
cisco nx-os 4.0\\(0\\)n1\\(2\\)
cisco nx-os 4.1\\(3\\)n1\\(1\\)
cisco nx-os 4.1\\(3\\)n1\\(1a\\)
cisco nx-os 4.1\\(3\\)n2\\(1\\)
cisco nx-os 4.1\\(3\\)n2\\(1a\\)
cisco nx-os 4.1.\\(2\\)
cisco nx-os 4.2\\(3\\)
cisco nx-os 4.2\\(4\\)
cisco nx-os 4.2\\(6\\)
cisco nx-os 4.2\\(8\\)

A vulnerability in the Command Line Interface (CLI) of the Cisco NX-OS Software could allow an authenticated, local attacker to delete arbitrary files on the device The vulnerability is due to improper filtering of user input An attacker could exploit this vulnerability by leveraging the filesys delete command to perform a directory traversal at ...

CWE-22 http://tools.cisco.com/security/center/viewAlert.x?alertId=32237 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4135 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20131219-CVE-2012-4135

Get Started

CVE-2012-4135

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect