Vulnerability Name:

CVE-2012-4090 (CCN-87670)

Assigned:2012-07-31
Published:2013-10-04
Updated:2017-08-29
Summary:The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2012-4090

Source: OSVDB
Type: UNKNOWN
98123

Source: CCN
Type: SA55206
Cisco NX-OS Configuration File Password Hashes Disclosure Security Issue

Source: SECUNIA
Type: UNKNOWN
55206

Source: CCN
Type: Cisco Security Notice
Cisco Nexus 7000 Information Disclosure Vulnerability

Source: CISCO
Type: Vendor Advisory
20131004 Cisco Nexus 7000 Information Disclosure Vulnerability

Source: CCN
Type: OSVDB ID: 98123
Cisco Nexus 7000 NX-OS Management Interface Configuration File Information Disclosure

Source: BID
Type: Third Party Advisory, VDB Entry
62841

Source: CCN
Type: BID-62841
Cisco Nexus 7000 Series Switches NX-OS CVE-2012-4090 Remote Information Disclosure Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1029158

Source: XF
Type: UNKNOWN
cisco-nxos-cve20124090-info-disc(87670)

Source: XF
Type: UNKNOWN
cisco-nxos-cve20124090-info-disc(87670)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:nx-os:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:nexus_7000:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:cisco:nx-os:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco nx-os -
    cisco nexus 7000 -
    cisco nexus 7000 10-slot -
    cisco nexus 7000 18-slot -
    cisco nexus 7000 9-slot -
    cisco nx-os -