Lucene search

CiscoCVE-2014-0676

HistoryJan 22, 2014 - 9:55 p.m.

CVE-2014-0676

2014-01-2221:55:03

CWE-264

cisco

web.nvd.nist.gov

cisco

nx-os

local users

bypass

tacacs+

command restrictions

multiple commands

cve-2014-0676

bug id cscum47367

nvd

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

Affected configurations

Nvd

Node

cisconx-osMatch-

VendorProductVersionCPE
cisconx-os-cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx-os	-	cpe:2.3:o:cisco:nx-os:-:::::::*

References

osvdb.org/102366

secunia.com/advisories/56597

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676

tools.cisco.com/security/center/viewAlert.x?alertId=32531

www.securityfocus.com/bid/65083

www.securitytracker.com/id/1029690

exchange.xforce.ibmcloud.com/vulnerabilities/90627

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-0676