ID

VAR-201709-0662


CVE

CVE-2017-12255


TITLE

Cisco UCS Central Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008420

DESCRIPTION

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762. The vendor has released this vulnerability as Bug ID CSCve70762. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Cisco UCS Central Software is a set of resource management and monitoring solutions for global Cisco UCS (Unified Computing System) resources.

Trust: 2.07

sources: NVD: CVE-2017-12255 // JVNDB: JVNDB-2017-008420 // BID: 100932 // VULHUB: VHN-102759 // VULMON: CVE-2017-12255

AFFECTED PRODUCTS

vendor: cisco // model: unified computing system // scope: eq // version: 1.5\(1c\)

Trust: 1.6

vendor: cisco // model: unified computing system central software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: ucs central software 1.5 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: ucs central software 2.0 // scope: ne // version: -

Trust: 0.3

sources: BID: 100932 // JVNDB: JVNDB-2017-008420 // CNNVD: CNNVD-201709-1032 // NVD: CVE-2017-12255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12255
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12255
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-1032
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102759
value: HIGH

Trust: 0.1

VULMON: CVE-2017-12255
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12255
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-102759
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12255
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102759 // VULMON: CVE-2017-12255 // JVNDB: JVNDB-2017-008420 // CNNVD: CNNVD-201709-1032 // NVD: CVE-2017-12255

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-102759 // JVNDB: JVNDB-2017-008420 // NVD: CVE-2017-12255

THREAT TYPE

local

Trust: 0.9

sources: BID: 100932 // CNNVD: CNNVD-201709-1032

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 100932 // CNNVD: CNNVD-201709-1032

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008420

PATCH

title: cisco-sa-20170920-ucs // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs

Trust: 0.8

title: Cisco UCS Central Software Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75048

Trust: 0.6

title: Cisco: Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170920-ucs

Trust: 0.1

sources: VULMON: CVE-2017-12255 // JVNDB: JVNDB-2017-008420 // CNNVD: CNNVD-201709-1032

EXTERNAL IDS

db: NVD // id: CVE-2017-12255

Trust: 2.9

db: BID // id: 100932

Trust: 2.1

db: SECTRACK // id: 1039412

Trust: 1.8

db: JVNDB // id: JVNDB-2017-008420

Trust: 0.8

db: CNNVD // id: CNNVD-201709-1032

Trust: 0.7

db: VULHUB // id: VHN-102759

Trust: 0.1

db: VULMON // id: CVE-2017-12255

Trust: 0.1

sources: VULHUB: VHN-102759 // VULMON: CVE-2017-12255 // BID: 100932 // JVNDB: JVNDB-2017-008420 // CNNVD: CNNVD-201709-1032 // NVD: CVE-2017-12255

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170920-ucs

Trust: 2.2

url:http://www.securityfocus.com/bid/100932

Trust: 1.9

url:http://www.securitytracker.com/id/1039412

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12255

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12255

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-102759 // VULMON: CVE-2017-12255 // BID: 100932 // JVNDB: JVNDB-2017-008420 // CNNVD: CNNVD-201709-1032 // NVD: CVE-2017-12255

CREDITS

Cisco.

Trust: 0.3

sources: BID: 100932

SOURCES

db: VULHUB // id: VHN-102759
db: VULMON // id: CVE-2017-12255
db: BID // id: 100932
db: JVNDB // id: JVNDB-2017-008420
db: CNNVD // id: CNNVD-201709-1032
db: NVD // id: CVE-2017-12255

LAST UPDATE DATE

2024-11-23T22:07:15.761000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-102759 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2017-12255 // date: 2019-10-09T00:00:00
db: BID // id: 100932 // date: 2017-09-20T00:00:00
db: JVNDB // id: JVNDB-2017-008420 // date: 2017-10-18T00:00:00
db: CNNVD // id: CNNVD-201709-1032 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-12255 // date: 2024-11-21T03:09:10.640

SOURCES RELEASE DATE

db: VULHUB // id: VHN-102759 // date: 2017-09-21T00:00:00
db: VULMON // id: CVE-2017-12255 // date: 2017-09-21T00:00:00
db: BID // id: 100932 // date: 2017-09-20T00:00:00
db: JVNDB // id: JVNDB-2017-008420 // date: 2017-10-18T00:00:00
db: CNNVD // id: CNNVD-201709-1032 // date: 2017-09-22T00:00:00
db: NVD // id: CVE-2017-12255 // date: 2017-09-21T05:29:00.840