CVE-2013-5556
First published: Sat Nov 16 2013(Updated: )
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Nexus 1000 Virtual Edge | =4.2\(1\)vsg1\(1\) | |
| Cisco Nexus 1000V for Hyper-V | =5.2\(1\)sm1\(5.1\) | |
| Cisco Nexus 1000V | <=4.2\(1\)sv1\(5.2b\) | |
| Cisco Nexus 1000V | =4.2\(1\)_sv1\(4\) | |
| Cisco Nexus 1000V | =4.2\(1\)_sv1\(4a\) | |
| Cisco Nexus 1000V | =4.2\(1\)_sv1\(4b\) | |
| Cisco Nexus 1000V | =4.2\(1\)sv1\(5.1\) | |
| Cisco Nexus 1000V | =4.2\(1\)sv1\(5.1a\) | |
| Cisco Nexus 1000V | =4.2\(1\)sv1\(5.2\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What are the potential impacts of CVE-2013-5556?
CVE-2013-5556 allows local users to gain elevated privileges on affected Cisco Nexus 1000V switches.
Which versions of Cisco Nexus 1000V are vulnerable to CVE-2013-5556?
CVE-2013-5556 impacts Cisco Nexus 1000V versions 4.2(1)SV1(5.2b) and earlier, as well as 5.2(1)SM1(5.1) for Microsoft Hyper-V.
How do I mitigate CVE-2013-5556 on my Cisco Nexus 1000V?
To mitigate CVE-2013-5556, upgrade to the fixed versions provided by Cisco according to the advisory.
Is CVE-2013-5556 still a concern for new installations of Cisco Nexus 1000V?
CVE-2013-5556 is a concern if your installation is using the vulnerable versions of the Cisco Nexus 1000V.
What should I do if my organization is affected by CVE-2013-5556?
If affected by CVE-2013-5556, immediately apply the recommended security updates and conduct a security review.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nexus 1000 virtual edge
- version/cisco nexus 1000 virtual edge/4.2\(1\)vsg1\(1\)
- canonical/cisco nexus 1000v for hyper-v
- version/cisco nexus 1000v for hyper-v/5.2\(1\)sm1\(5.1\)
- canonical/cisco nexus 1000v
- version/cisco nexus 1000v/4.2\(1\)sv1\(5.2b\)
- version/cisco nexus 1000v/4.2\(1\)_sv1\(4\)
- version/cisco nexus 1000v/4.2\(1\)_sv1\(4a\)
- version/cisco nexus 1000v/4.2\(1\)_sv1\(4b\)
- version/cisco nexus 1000v/4.2\(1\)sv1\(5.1\)
- version/cisco nexus 1000v/4.2\(1\)sv1\(5.1a\)
- version/cisco nexus 1000v/4.2\(1\)sv1\(5.2\)