Details of VAR-201711-0325

ID

VAR-201711-0325

CVE

CVE-2017-12330

TITLE

Cisco NX-OS Command injection vulnerability in system software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010550

DESCRIPTION

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879. Vendors have confirmed this vulnerability Bug ID CSCve99902 and CSCvf14879 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. Nexus2000 SeriesFabricExtenders is a Nexus2000 Series Array Extender. NX-OSSystemSoftware is a set of operating systems used in it. The CLI is one of the command line programs

Trust: 2.52

sources: NVD: CVE-2017-12330 // JVNDB: JVNDB-2017-010550 // CNVD: CNVD-2017-36155 // BID: 102012 // VULHUB: VHN-102842

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-36155

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0\)bd\(0.20\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(0\)hsk\(0.357\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	multilayer director switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nexus series fabric extenders	scope:	eq	version:	2000	Trust: 0.6
vendor:	cisco	model:	nexus series switche	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	6000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.6
vendor:	cisco	model:	nexus series switches in nx-os mode	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	7700	Trust: 0.6
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	9500	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70008.1(1)	Trust: 0.3
vendor:	cisco	model:	nexus series switches 8.1 bd	scope:	eq	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	56000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 7.0 hsk	scope:	eq	version:	5000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nexus series fabric extenders	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	multilayer director switches	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-36155 // BID: 102012 // JVNDB: JVNDB-2017-010550 // CNNVD: CNNVD-201711-1234 // NVD: CVE-2017-12330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12330
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12330
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-36155
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-1234
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102842
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12330
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-36155
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102842
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12330
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.0
impactScore:	3.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-36155 // VULHUB: VHN-102842 // JVNDB: JVNDB-2017-010550 // CNNVD: CNNVD-201711-1234 // NVD: CVE-2017-12330

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.9

sources: VULHUB: VHN-102842 // JVNDB: JVNDB-2017-010550 // NVD: CVE-2017-12330

THREAT TYPE

local

Trust: 0.9

sources: BID: 102012 // CNNVD: CNNVD-201711-1234

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-1234

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010550

PATCH

title:	cisco-sa-20171129-nss	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss	Trust: 0.8
title:	Patches for multiple Cisco products Cisco NX-OSSystem Software command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/107813	Trust: 0.6
title:	Cisco product Cisco NX-OS System Software Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76852	Trust: 0.6

sources: CNVD: CNVD-2017-36155 // JVNDB: JVNDB-2017-010550 // CNNVD: CNNVD-201711-1234

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12330	Trust: 3.4
db:	BID	id:	102012	Trust: 2.0
db:	SECTRACK	id:	1039929	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-010550	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1234	Trust: 0.7
db:	CNVD	id:	CNVD-2017-36155	Trust: 0.6
db:	VULHUB	id:	VHN-102842	Trust: 0.1

sources: CNVD: CNVD-2017-36155 // VULHUB: VHN-102842 // BID: 102012 // JVNDB: JVNDB-2017-010550 // CNNVD: CNNVD-201711-1234 // NVD: CVE-2017-12330

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-nss	Trust: 2.0
url:	http://www.securityfocus.com/bid/102012	Trust: 1.7
url:	http://www.securitytracker.com/id/1039929	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12330	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12330	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-nxos3	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-36155 // VULHUB: VHN-102842 // BID: 102012 // JVNDB: JVNDB-2017-010550 // CNNVD: CNNVD-201711-1234 // NVD: CVE-2017-12330

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102012

SOURCES

db:	CNVD	id:	CNVD-2017-36155
db:	VULHUB	id:	VHN-102842
db:	BID	id:	102012
db:	JVNDB	id:	JVNDB-2017-010550
db:	CNNVD	id:	CNNVD-201711-1234
db:	NVD	id:	CVE-2017-12330

LAST UPDATE DATE

2024-11-23T22:48:53.615000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-36155	date:	2017-12-05T00:00:00
db:	VULHUB	id:	VHN-102842	date:	2019-10-09T00:00:00
db:	BID	id:	102012	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-010550	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201711-1234	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12330	date:	2024-11-21T03:09:19.110

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-36155	date:	2017-12-05T00:00:00
db:	VULHUB	id:	VHN-102842	date:	2017-11-30T00:00:00
db:	BID	id:	102012	date:	2017-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-010550	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201711-1234	date:	2017-12-01T00:00:00
db:	NVD	id:	CVE-2017-12330	date:	2017-11-30T09:29:00.323