Test ID:	1.3.6.1.4.1.25623.1.0.105069
Category:	CISCO
Title:	Cisco NX-OS Arbitrary File Read Vulnerability (CSCul23419)
Summary:	A vulnerability in the command-line interface (CLI) of Cisco; NX-OS Software could allow an authenticated, local attacker to access the contents of arbitrary; files on the affected device.
Description:	Summary: A vulnerability in the command-line interface (CLI) of Cisco NX-OS Software could allow an authenticated, local attacker to access the contents of arbitrary files on the affected device. Vulnerability Insight: Cisco NX-OS software contains a directory traversal vulnerability within the command line interface that could allow a local, authenticated attacker to disclose the contents of arbitrary files on the affected device. Vulnerability Impact: An attacker could leverage the NX-OS 'copy' command to duplicate the contents of arbitrary files on the device to a user writable area of the filesystem. As the new file will be owned by the authenticated user, the attacker will be able to view the contents. Affected Software/OS: Cisco Nexus 7000, Cisco MDS 9000, Cisco Nexus 6000, Cisco Nexus 5500, Cisco Nexus 5000, Cisco Nexus 4000, Cisco Nexus 3500, Cisco Nexus 3000, Cisco Nexus 1000V, Cisco Connected Grid Router 1000 Series, Cisco Unified Computing System Fabric Interconnect 6200 and Cisco Unified Computing System Fabric Interconnect 6100. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-6975 BugTraq ID: 67426 http://www.securityfocus.com/bid/67426 Cisco Security Advisory: 20140515 Cisco NX-OS Software Arbitrary File Read Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6975
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.