Detections
Analytics
Cisco NX-OS Multiple Vulnerabilities (cisco-sa-20140521-nxos)
high Nessus Plugin ID 74241
Language:
Synopsis
The remote device is running a vulnerable version of NX-OS.Description
According to its self-reported version, the remote NX-OS device is reportedly affected by one or more of the following vulnerabilities :- A privilege escalation flaw exists on systems with multiple virtual device contexts (VDCs) and local authentication configured. This could allow a remote, authenticated attacker to gain the privileges of an administrator in another VDC. Affects Nexus 7000 series devices. (CVE-2013-1191)
- A privilege escalation flaw exists on systems with multiple virtual device contexts (VDCs) and local authentication configured. This could allow a remote, authenticated attacker to gain the privileges of an administrator in another VDC. Affects Nexus 7000 series devices. (CVE-2014-2200).
- A buffer overflow flaw exists with the Smart Call Home feature. A remote attacker, with control of a configured SMTP server, could execute arbitrary code with elevated privileges. (CVE-2014-3261)
- A denial of service flaw exists with the Message Transfer Service (MTS) due to a NULL pointer dereference. This could allow a remote attacker to trigger a denial of service. Note that Cisco has investigated the issue, and has found that no official releases are affected. Only pre-release versions of NX-OS 6.0 are affected. (CVE-2014-2201)
Solution
Upgrade to 4.1(2)E1(1l) / 5.0(3)U2(2) / 5.1(3)N1(1) / 6.1(5) or later.See Also
https://tools.cisco.com/security/center/viewAlert.x?alertId=34245
https://tools.cisco.com/security/center/viewAlert.x?alertId=34246
https://tools.cisco.com/security/center/viewAlert.x?alertId=34247
https://tools.cisco.com/security/center/viewAlert.x?alertId=34248
Plugin Details
Severity: High
ID: 74241
File Name: cisco-sa-20140521-nxos.nasl
Version: 1.9
Type: combined
Family: CISCO
Published: 5/30/2014
Updated: 11/26/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2014-3261
Vulnerability Information
CPE: cpe:/o:cisco:nx-os
Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device
Exploit Ease: No known exploits are available
Patch Publication Date: 5/21/2014
Vulnerability Publication Date: 5/21/2014
Reference Information
CVE: CVE-2013-1191, CVE-2014-2200, CVE-2014-2201, CVE-2014-3261
BID: 67571, 67574, 67575, 67578
CISCO-SA: cisco-sa-20140521-nxos
CISCO-BUG-ID: CSCti11629, CSCts56628, CSCts56632, CSCts56633, CSCtw98915, CSCud88400, CSCuf61322, CSCug14405