Details of VAR-201711-0346

ID

VAR-201711-0346

CVE

CVE-2017-12351

TITLE

Cisco NX-OS Vulnerabilities related to authorization, authority, and access control in system software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010561

DESCRIPTION

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka "Unauthorized Internal Interface Access." This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038. Cisco NX-OS System software contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvf33038 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Nexus 3000 Series Switches, etc. are products of Cisco. The Cisco Nexus 3000 Series Switches is a 3000 Series switch. The Nexus 9500R-Series LineCards is a 9500R line card. NX-OSSystemSoftware is a set of operating systems running on it. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks

Trust: 2.52

sources: NVD: CVE-2017-12351 // JVNDB: JVNDB-2017-010561 // CNVD: CNVD-2017-36394 // BID: 102019 // VULHUB: VHN-102865

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-36394

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0\)bd\(0.20\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(3\)i7\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus series switche	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	nexus series switches in nx-os mode	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	9500	Trust: 0.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus r-series line cards and fabric modules	scope:	eq	version:	95000	Trust: 0.3
vendor:	cisco	model:	nexus series switches standalone nx-os mode	scope:	eq	version:	9000-0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	30000	Trust: 0.3

sources: CNVD: CNVD-2017-36394 // BID: 102019 // JVNDB: JVNDB-2017-010561 // CNNVD: CNNVD-201711-1215 // NVD: CVE-2017-12351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12351
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12351
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-36394
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-1215
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102865
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12351
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-36394
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102865
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12351
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.5
impactScore:	3.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-36394 // VULHUB: VHN-102865 // JVNDB: JVNDB-2017-010561 // CNNVD: CNNVD-201711-1215 // NVD: CVE-2017-12351

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-668	Trust: 1.1

sources: VULHUB: VHN-102865 // JVNDB: JVNDB-2017-010561 // NVD: CVE-2017-12351

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-1215

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-1215

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010561

PATCH

title:	cisco-sa-20171129-nxos10	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10	Trust: 0.8
title:	Patches for accessing vulnerabilities by various Cisco products NX-OSSystemSoftware	url:	https://www.cnvd.org.cn/patchInfo/show/108209	Trust: 0.6
title:	Multiple Cisco product NX-OS System Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76833	Trust: 0.6

sources: CNVD: CNVD-2017-36394 // JVNDB: JVNDB-2017-010561 // CNNVD: CNNVD-201711-1215

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12351	Trust: 3.4
db:	BID	id:	102019	Trust: 2.6
db:	SECTRACK	id:	1039932	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-010561	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1215	Trust: 0.7
db:	CNVD	id:	CNVD-2017-36394	Trust: 0.6
db:	VULHUB	id:	VHN-102865	Trust: 0.1

sources: CNVD: CNVD-2017-36394 // VULHUB: VHN-102865 // BID: 102019 // JVNDB: JVNDB-2017-010561 // CNNVD: CNNVD-201711-1215 // NVD: CVE-2017-12351

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-nxos10	Trust: 2.6
url:	http://www.securityfocus.com/bid/102019	Trust: 1.7
url:	http://www.securitytracker.com/id/1039932	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12351	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12351	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-36394 // VULHUB: VHN-102865 // BID: 102019 // JVNDB: JVNDB-2017-010561 // CNNVD: CNNVD-201711-1215 // NVD: CVE-2017-12351

CREDITS

Cisco.

Trust: 0.3

sources: BID: 102019

SOURCES

db:	CNVD	id:	CNVD-2017-36394
db:	VULHUB	id:	VHN-102865
db:	BID	id:	102019
db:	JVNDB	id:	JVNDB-2017-010561
db:	CNNVD	id:	CNNVD-201711-1215
db:	NVD	id:	CVE-2017-12351

LAST UPDATE DATE

2024-11-23T22:17:46.170000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-36394	date:	2017-12-06T00:00:00
db:	VULHUB	id:	VHN-102865	date:	2019-10-09T00:00:00
db:	BID	id:	102019	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-010561	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201711-1215	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12351	date:	2024-11-21T03:09:21.730

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-36394	date:	2017-12-06T00:00:00
db:	VULHUB	id:	VHN-102865	date:	2017-11-30T00:00:00
db:	BID	id:	102019	date:	2017-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-010561	date:	2017-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201711-1215	date:	2017-12-01T00:00:00
db:	NVD	id:	CVE-2017-12351	date:	2017-11-30T09:29:00.997