Sign-up

ID

VAR-201711-0329


CVE

CVE-2017-12334


TITLE

Cisco NX-OS System software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010554

DESCRIPTION

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf15113, CSCvf15122, CSCvf15125, CSCvf15131, CSCvf15143, CSCvg04088. Vendors have confirmed this vulnerability Bug ID CSCvf15113 , CSCvf15122 , CSCvf15125 , CSCvf15131 , CSCvf15143 ,and CSCvg04088 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. Nexus2000 SeriesFabricExtenders is a Nexus2000 Series Array Extender. NX-OSSystemSoftware is a set of operating systems used in it. The CLI is one of the command line programs

Trust: 2.61

sources: NVD: CVE-2017-12334 // JVNDB: JVNDB-2017-010554 // CNVD: CNVD-2017-36152 // BID: 102162 // VULHUB: VHN-102846 // VULMON: CVE-2017-12334

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36152

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:8.1\(0.59\)s0

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:8.1\(0\)bd\(0.20\)

Trust: 1.6

vendor:ciscomodel:unified computing systemscope:eqversion:7.0\(0\)hsk\(0.357\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:8.1\(1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:6.0\(2\)a8\(3\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(0\)hsk\(0.357\)

Trust: 1.6

vendor:ciscomodel:nexus series switchesscope:eqversion:70000

Trust: 0.9

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchescope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:5000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:6000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7700

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5600

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5500

Trust: 0.6

vendor:ciscomodel:nexus series fabric extendersscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3500

Trust: 0.6

vendor:ciscomodel:multilayer director switchesscope: - version: -

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.6

vendor:ciscomodel:unified computing system managerscope: - version: -

Trust: 0.6

vendor:ciscomodel:nexus r-series line cards and fabric modulesscope:eqversion:9500

Trust: 0.6

vendor:ciscomodel:unified computing system managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified computing system 7.0 hskscope: - version: -

Trust: 0.3

vendor:ciscomodel:nx-os softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nexus r-series line cards and fabric modulesscope:eqversion:95000

Trust: 0.3

vendor:ciscomodel:nexus series switches standalone nx-os modescope:eqversion:9000-0

Trust: 0.3

vendor:ciscomodel:nexus series switches 8.1 bdscope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:nexus series switches 8.1 bdscope:eqversion:8000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:77000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:70008.1(1)

Trust: 0.3

vendor:ciscomodel:nexus series switches 7.0 hskscope:eqversion:7000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:60000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:56000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:55000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:50000

Trust: 0.3

vendor:ciscomodel:nexus platform switchesscope:eqversion:35000

Trust: 0.3

vendor:ciscomodel:nexus series switches 6.0 a8scope:eqversion:3000

Trust: 0.3

vendor:ciscomodel:nexus series switchesscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:nexus series fabric extendersscope:eqversion:20000

Trust: 0.3

vendor:ciscomodel:multilayer director switchesscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-36152 // BID: 102162 // JVNDB: JVNDB-2017-010554 // CNNVD: CNNVD-201711-1230 // NVD: CVE-2017-12334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12334
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12334
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-36152
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-1230
value: HIGH

Trust: 0.6

VULHUB: VHN-102846
value: HIGH

Trust: 0.1

VULMON: CVE-2017-12334
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12334
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-36152
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102846
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12334
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-36152 // VULHUB: VHN-102846 // VULMON: CVE-2017-12334 // JVNDB: JVNDB-2017-010554 // CNNVD: CNNVD-201711-1230 // NVD: CVE-2017-12334

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-102846 // JVNDB: JVNDB-2017-010554 // NVD: CVE-2017-12334

THREAT TYPE

local

Trust: 0.9

sources: BID: 102162 // CNNVD: CNNVD-201711-1230

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201711-1230

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010554

PATCH
title:cisco-sa-20171129-nxos3url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
Trust: 0.8
title:Patch for multiple Cisco products Cisco NX-OS System Software Command Injection Vulnerability (CNVD-2017-36152)url:https://www.cnvd.org.cn/patchInfo/show/107767
Trust: 0.6
title:Multiple Cisco product Cisco NX-OS System Software Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76848
Trust: 0.6
title:Cisco: Cisco NX-OS System Software CLI Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20171129-nxos3
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-36152 // 
            
            
            
            VULMON: CVE-2017-12334 // 
            
            
            
            JVNDB: JVNDB-2017-010554 // 
            
            
            
            CNNVD: CNNVD-201711-1230

EXTERNAL IDS
db:NVDid:CVE-2017-12334
Trust: 3.5
db:BIDid:102162
Trust: 1.5
db:SECTRACKid:1039934
Trust: 1.2
db:JVNDBid:JVNDB-2017-010554
Trust: 0.8
db:CNNVDid:CNNVD-201711-1230
Trust: 0.7
db:CNVDid:CNVD-2017-36152
Trust: 0.6
db:VULHUBid:VHN-102846
Trust: 0.1
db:VULMONid:CVE-2017-12334
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-36152 // 
            
            
            
            VULHUB: VHN-102846 // 
            
            
            
            VULMON: CVE-2017-12334 // 
            
            
            
            BID: 102162 // 
            
            
            
            JVNDB: JVNDB-2017-010554 // 
            
            
            
            CNNVD: CNNVD-201711-1230 // 
            
            
            
            NVD: CVE-2017-12334

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-nxos3
Trust: 2.8
url:http://www.securityfocus.com/bid/102162
Trust: 1.2
url:http://www.securitytracker.com/id/1039934
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12334
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12334
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/cisco-ucs-cve-2017-12334
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-36152 // 
            
            
            
            VULHUB: VHN-102846 // 
            
            
            
            VULMON: CVE-2017-12334 // 
            
            
            
            BID: 102162 // 
            
            
            
            JVNDB: JVNDB-2017-010554 // 
            
            
            
            CNNVD: CNNVD-201711-1230 // 
            
            
            
            NVD: CVE-2017-12334

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 102162

SOURCES
db:CNVDid:CNVD-2017-36152
db:VULHUBid:VHN-102846
db:VULMONid:CVE-2017-12334
db:BIDid:102162
db:JVNDBid:JVNDB-2017-010554
db:CNNVDid:CNNVD-201711-1230
db:NVDid:CVE-2017-12334

LAST UPDATE DATE
2024-11-23T22:26:35.994000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-36152date:2017-12-05T00:00:00
db:VULHUBid:VHN-102846date:2017-12-15T00:00:00
db:VULMONid:CVE-2017-12334date:2017-12-15T00:00:00
db:BIDid:102162date:2017-12-19T22:01:00
db:JVNDBid:JVNDB-2017-010554date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-1230date:2017-12-01T00:00:00
db:NVDid:CVE-2017-12334date:2024-11-21T03:09:19.607

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-36152date:2017-12-05T00:00:00
db:VULHUBid:VHN-102846date:2017-11-30T00:00:00
db:VULMONid:CVE-2017-12334date:2017-11-30T00:00:00
db:BIDid:102162date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-010554date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-1230date:2017-12-01T00:00:00
db:NVDid:CVE-2017-12334date:2017-11-30T09:29:00.480