CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.8 | $0-$5k | 0.00 |
A vulnerability classified as critical has been found in Cisco NX-OS on Nexus 1000V (Router Operating System) (affected version unknown). This affects an unknown functionality of the component Certificate Handler. The manipulation with an unknown input leads to a cryptographic issues vulnerability. CWE is classifying the issue as CWE-310. This is going to have an impact on confidentiality, and integrity. The summary by CVE is:
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837.
The weakness was shared 05/28/2013 by Felix Lindner (FX) with Recurity Labs as CVE-2013-1212 as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. The vendor cooperated in the coordination of the public release. This vulnerability is uniquely identified as CVE-2013-1212 since 01/11/2013. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at tools.cisco.com.
The vulnerability is also documented in the vulnerability database at X-Force (84711). The entries 8917, 8918, 8920 and 8921 are related to this item.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.2VulDB Meta Temp Score: 7.8
VulDB Base Score: 8.2
VulDB Temp Score: 7.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cryptographic issuesCWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: tools.cisco.com
Timeline
01/11/2013 🔍05/28/2013 🔍
05/28/2013 🔍
05/29/2013 🔍
05/30/2013 🔍
05/31/2013 🔍
06/17/2013 🔍
05/04/2019 🔍
Sources
Vendor: cisco.comAdvisory: CVE-2013-1212
Researcher: Felix Lindner (FX)
Organization: Recurity Labs
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2013-1212 (🔍)
X-Force: 84711
Vulnerability Center: 40030 - Cisco NX-OS on Nexus 1000V SSL Functionality Improper Certificate Verification Allows Remote Spoofing Attacks - CVE-2013-1212, Medium
SecurityFocus: 60225 - Cisco Nexus 1000V NX-OS CVE-2013-1212 SSL Certificate Validation Security Bypass Vulnerability
Secunia: 53606 - Cisco Nexus 1000V Multiple Vulnerabilities, Less Critical
OSVDB: 93734
See also: 🔍
Entry
Created: 05/31/2013 11:37Updated: 05/04/2019 19:07
Changes: 05/31/2013 11:37 (70), 05/04/2019 19:07 (3)
Complete: 🔍
Committer:
Cache ID: 3:780:103
No comments yet. Languages: en.
Please log in to comment.