cvelistv5 - CVE-2016-1341

CVE-2016-1341 (GCVE-0-2016-1341)

Vulnerability from cvelistv5

Published

2016-02-24 02:00

Modified

2024-08-05 22:55

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

cnvd-2016-01317

Vulnerability from cnvd

Title

Cisco NX-OS权限提升漏洞

Description

Cisco NX-OS是美国思科（Cisco）公司的一个数据中心级的操作系统，该操作系统体现了模块化设计、永续性和可维护性。 Cisco Nexus 2000 Series Fabric Extender上的Cisco NX-OS中存在权限提升漏洞，允许本地用户通过未指定向量获得权限。

Severity

中

Patch Name

Cisco NX-OS权限提升漏洞的补丁

Patch Description

Cisco NX-OS是美国思科（Cisco）公司的一个数据中心级的操作系统，该操作系统体现了模块化设计、永续性和可维护性。 Cisco Nexus 2000 Series Fabric Extender上的Cisco NX-OS中存在权限提升漏洞，允许本地用户通过未指定向量获得权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000

Impacted products

Name
Cisco Nexus 2000 Series

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "83358"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1341"
    }
  },
  "description": "Cisco NX-OS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6570\u636e\u4e2d\u5fc3\u7ea7\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u8be5\u64cd\u4f5c\u7cfb\u7edf\u4f53\u73b0\u4e86\u6a21\u5757\u5316\u8bbe\u8ba1\u3001\u6c38\u7eed\u6027\u548c\u53ef\u7ef4\u62a4\u6027\u3002\r\n\r\nCisco Nexus 2000 Series Fabric Extender\u4e0a\u7684Cisco NX-OS\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u672a\u6307\u5b9a\u5411\u91cf\u83b7\u5f97\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01317",
  "openTime": "2016-02-26",
  "patchDescription": "Cisco NX-OS\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6570\u636e\u4e2d\u5fc3\u7ea7\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u8be5\u64cd\u4f5c\u7cfb\u7edf\u4f53\u73b0\u4e86\u6a21\u5757\u5316\u8bbe\u8ba1\u3001\u6c38\u7eed\u6027\u548c\u53ef\u7ef4\u62a4\u6027\u3002\r\n\r\nCisco Nexus 2000 Series Fabric Extender\u4e0a\u7684Cisco NX-OS\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u901a\u8fc7\u672a\u6307\u5b9a\u5411\u91cf\u83b7\u5f97\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco NX-OS\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Nexus 2000 Series"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-25",
  "title": "Cisco NX-OS\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

gsd-2016-1341

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-1341

Aliases

CVE-2016-1341

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1341",
    "description": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.",
    "id": "GSD-2016-1341"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1341"
      ],
      "details": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.",
      "id": "GSD-2016-1341",
      "modified": "2023-12-13T01:21:24.077001Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1341",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160223 Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000"
          },
          {
            "name": "1035088",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035088"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.0\\(4\\)n1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.0\\(1\\)n1\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:7.0\\(1\\)n1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1341"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                },
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160223 Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000"
            },
            {
              "name": "1035088",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035088"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-12-06T03:06Z",
      "publishedDate": "2016-02-24T03:59Z"
    }
  }
}

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco ACE 4710 Application Control Engine exécutant les versions A5(3.0) et antérieures
Cisco	N/A	Cisco Nexus 2000 Series Fabric Extenders
Cisco	N/A	Cisco FirePOWER Management Center versions 5.x et 6.0.0.x
Cisco	N/A	Cisco ASR 5000 devices exécutant les versions de StarOS antérieures à 19.3.M0.62771 et antérieures à 20.0.M0.62768
Cisco	N/A	Voir sur le site du constructeur la liste des systèmes affectés par la vulnérabilité CVE-2015-7547 concernant la glibc (lien fourni dans la section Documentation)

References

Title

Publication Time

var-201602-0068

Vulnerability from variot

Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. Vendors have confirmed this vulnerability Bug ID CSCur22079 It is released as.Authority may be obtained by local users. Cisco NX-OS is a data center-class operating system from Cisco Systems, Inc. that reflects modular design, resiliency, and maintainability. The vulnerability is caused by the program not setting a password for the root account. A local attacker could exploit this vulnerability to gain privileges. The following releases are affected: Cisco NX-OS Release 7.0(1)N1(1), Release 7.0(1)N1(3), Release 7.0(4)N1(1)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0068",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(1\\)n1\\(3\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(1\\)n1\\(1\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(4\\)n1\\(1\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0(1)n1(1)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0(1)n1(3)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.0(4)n1(1)"
      },
      {
        "model": "nexus series",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2000"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:nx-os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      }
    ]
  },
  "cve": "CVE-2016-1341",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2016-1341",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2016-01317",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-90160",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-1341",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1341",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1341",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-01317",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-448",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90160",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. Vendors have confirmed this vulnerability Bug ID CSCur22079 It is released as.Authority may be obtained by local users. Cisco NX-OS is a data center-class operating system from Cisco Systems, Inc. that reflects modular design, resiliency, and maintainability. The vulnerability is caused by the program not setting a password for the root account. A local attacker could exploit this vulnerability to gain privileges. The following releases are affected: Cisco NX-OS Release 7.0(1)N1(1), Release 7.0(1)N1(3), Release 7.0(4)N1(1)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90160"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1341",
        "trust": 3.1
      },
      {
        "db": "SECTRACK",
        "id": "1035088",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "83358",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-90160",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "id": "VAR-201602-0068",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90160"
      }
    ],
    "trust": 1.5333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:34:51.139000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160223-nx2000",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000"
      },
      {
        "title": "Patch for Cisco NX-OS Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/71922"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160223-nx2000"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035088"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1341"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1341"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "date": "2016-02-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90160"
      },
      {
        "date": "2016-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "date": "2016-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      },
      {
        "date": "2016-02-24T03:59:01.087000",
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01317"
      },
      {
        "date": "2016-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90160"
      },
      {
        "date": "2016-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      },
      {
        "date": "2016-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      },
      {
        "date": "2024-11-21T02:46:13.080000",
        "db": "NVD",
        "id": "CVE-2016-1341"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Nexus 2000 Fabric Extender Run on device  Cisco NX-OS Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001687"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-448"
      }
    ],
    "trust": 0.6
  }
}

ghsa-g2p3-wp5v-j757

Vulnerability from github

Published

2022-05-17 03:29

Modified

2022-05-17 03:29

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1341"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-24T03:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.",
  "id": "GHSA-g2p3-wp5v-j757",
  "modified": "2022-05-17T03:29:25Z",
  "published": "2022-05-17T03:29:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1341"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035088"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2016-1341

Vulnerability from fkie_nvd

Published

2016-02-24 03:59

Modified

2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1035088
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035088

Impacted products

Vendor	Product	Version
cisco	nx-os	7.0\(1\)n1\(1\)
cisco	nx-os	7.0\(1\)n1\(3\)
cisco	nx-os	7.0\(4\)n1\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(1\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "576B74DF-9527-4931-B1A3-8FEE1DB1AD99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(1\\)n1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "60B2080A-6055-4459-ADAC-CD33E3697EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(4\\)n1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "58292522-F486-410D-AD99-DFD6EC0AA9B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079."
    },
    {
      "lang": "es",
      "value": "Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3) y 7.0(4)N1(1) en dispositivos Nexus 2000 Fabric Extender tiene una contrase\u00f1a de root en blanco, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como Bug ID CSCur22079."
    }
  ],
  "id": "CVE-2016-1341",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-24T03:59:01.087",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1035088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035088"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        },
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-1341 (GCVE-0-2016-1341)

Vulnerability from cvelistv5

cnvd-2016-01317

Vulnerability from cnvd

gsd-2016-1341

Vulnerability from gsd

CERTFR-2016-AVI-071

Vulnerability from certfr_avis

Solution

var-201602-0068

Vulnerability from variot

ghsa-g2p3-wp5v-j757

Vulnerability from github

fkie_cve-2016-1341

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature