CVE-2017-12332

Published: Nov 30, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-3905 Aliases: GSD-2017-12332
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,4
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM 4,9
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: complete
Availability: none

Description

AI Translation Available

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0017
Percentile
0,4th
Updated

EPSS Score Trend (Last 91 Days)

434

Unrestricted Upload of File with Dangerous Type

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: ASP.NET, Not Language-Specific, PHP
Technologies: Web Server
Likelihood of Exploit: Medium
View CWE Details
Operating System

Nx-Os by Cisco

Product Information
Vendor Cisco
Product Nx-Os
Version 8.1\(1\)
cpe:2.3:o:cisco:nx-os:8.1\(1\):*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Unified Computing System by Cisco

Product Information
Vendor Cisco
Product Unified Computing System
Version 7.0\(0\)hsk\(0.357\)
cpe:2.3:a:cisco:unified_computing_system:7.0\(0\)hsk\(0.357\):*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nx-Os by Cisco

Product Information
Vendor Cisco
Product Nx-Os
Version 8.1\(0\)bd\(0.20\)
cpe:2.3:o:cisco:nx-os:8.1\(0\)bd\(0.20\):*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://tools.cisco.com/security/center/content/CiscoSecuri…
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
http://www.securityfocus.com/bid/102160
http://www.securityfocus.com/bid/102160
http://www.securitytracker.com/id/1039931
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039931
https://tools.cisco.com/security/center/content/CiscoSecuri…
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
http://www.securityfocus.com/bid/102160
http://www.securityfocus.com/bid/102160
http://www.securitytracker.com/id/1039931
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039931