Details of VAR-201711-0331

ID

VAR-201711-0331

CVE

CVE-2017-12336

TITLE

Cisco NX-OS System software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010556

DESCRIPTION

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127. Cisco NX-OS System software contains a vulnerability related to input validation. Vendors have confirmed this vulnerability Bug ID CSCve93750 , CSCve93762 , CSCve93763 ,and CSCvg04127 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. Nexus2000 SeriesFabricExtenders is a Nexus2000 Series Array Extender. NX-OSSystemSoftware is a set of operating systems used in it. TCLscriptingsubsystem is one of the TCL scripting subsystems. The vulnerability is caused by the program not fully validating user-submitted files

Trust: 2.52

sources: NVD: CVE-2017-12336 // JVNDB: JVNDB-2017-010556 // CNVD: CNVD-2017-36138 // BID: 102168 // VULHUB: VHN-102848

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-36138

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0.59\)s0	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0\)bd\(0.20\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(1\)s5	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	7.0\(0\)hsk\(0.357\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)a8\(3\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0.2\)s0	Trust: 1.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	70000	Trust: 0.9
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified computing system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus series switche	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	6000	Trust: 0.6
vendor:	cisco	model:	nexus series switches in nx-os mode	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	7700	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	5600	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	5500	Trust: 0.6
vendor:	cisco	model:	nexus series fabric extenders	scope:	eq	version:	2000	Trust: 0.6
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	3500	Trust: 0.6
vendor:	cisco	model:	multilayer director switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified computing system manager	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	9500	Trust: 0.6
vendor:	cisco	model:	unified computing system manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified computing system 7.0 hsk	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	nx-os for nexus series	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nx-os for nexus series	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 8.1 bd	scope:	eq	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	56000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	nexus platform switches	scope:	eq	version:	35000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 6.0 a8	scope:	eq	version:	3000	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	nexus series fabric extenders	scope:	eq	version:	20000	Trust: 0.3
vendor:	cisco	model:	multilayer director switches	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-36138 // BID: 102168 // JVNDB: JVNDB-2017-010556 // CNNVD: CNNVD-201711-1228 // NVD: CVE-2017-12336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12336
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12336
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-36138
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-1228
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102848
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12336
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-36138
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102848
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12336
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-36138 // VULHUB: VHN-102848 // JVNDB: JVNDB-2017-010556 // CNNVD: CNNVD-201711-1228 // NVD: CVE-2017-12336

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-102848 // JVNDB: JVNDB-2017-010556 // NVD: CVE-2017-12336

THREAT TYPE

local

Trust: 0.9

sources: BID: 102168 // CNNVD: CNNVD-201711-1228

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201711-1228

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010556

PATCH

title:	cisco-sa-20171129-nxos5	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5	Trust: 0.8
title:	A variety of Cisco products Cisco NX-OSSystemSoftwareTCL script subsystem security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/107773	Trust: 0.6
title:	Multiple Cisco product Cisco NX-OS System Software TCL Fixes for script subsystem security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76846	Trust: 0.6

sources: CNVD: CNVD-2017-36138 // JVNDB: JVNDB-2017-010556 // CNNVD: CNNVD-201711-1228

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12336	Trust: 3.4
db:	BID	id:	102168	Trust: 1.4
db:	SECTRACK	id:	1039936	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-010556	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1228	Trust: 0.7
db:	CNVD	id:	CNVD-2017-36138	Trust: 0.6
db:	VULHUB	id:	VHN-102848	Trust: 0.1

sources: CNVD: CNVD-2017-36138 // VULHUB: VHN-102848 // BID: 102168 // JVNDB: JVNDB-2017-010556 // CNNVD: CNNVD-201711-1228 // NVD: CVE-2017-12336

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-nxos5	Trust: 2.6
url:	http://www.securityfocus.com/bid/102168	Trust: 1.1
url:	http://www.securitytracker.com/id/1039936	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12336	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12336	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-36138 // VULHUB: VHN-102848 // BID: 102168 // JVNDB: JVNDB-2017-010556 // CNNVD: CNNVD-201711-1228 // NVD: CVE-2017-12336

CREDITS

The vendor has reported this issue.

Trust: 0.3

sources: BID: 102168

SOURCES

db:	CNVD	id:	CNVD-2017-36138
db:	VULHUB	id:	VHN-102848
db:	BID	id:	102168
db:	JVNDB	id:	JVNDB-2017-010556
db:	CNNVD	id:	CNNVD-201711-1228
db:	NVD	id:	CVE-2017-12336

LAST UPDATE DATE

2024-11-23T23:12:18.382000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-36138	date:	2017-12-05T00:00:00
db:	VULHUB	id:	VHN-102848	date:	2017-12-15T00:00:00
db:	BID	id:	102168	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-010556	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201711-1228	date:	2017-12-01T00:00:00
db:	NVD	id:	CVE-2017-12336	date:	2024-11-21T03:09:19.857

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-36138	date:	2017-12-05T00:00:00
db:	VULHUB	id:	VHN-102848	date:	2017-11-30T00:00:00
db:	BID	id:	102168	date:	2017-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-010556	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201711-1228	date:	2017-12-01T00:00:00
db:	NVD	id:	CVE-2017-12336	date:	2017-11-30T09:29:00.540