CVE-2017-12339

Published: Nov 30, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-3912 Aliases: GSD-2017-12339
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,7
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: low
Availability: low
MEDIUM 4,6
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, and Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99925, CSCvf15164, CSCvf15167, CSCvf15170, CSCvf15173.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0019
Percentile
0,4th
Updated

EPSS Score Trend (Last 91 Days)

77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Operating System

Lan Switch Software by Cisco

Product Information
Vendor Cisco
Product Lan Switch Software
Version 12.2\(1.107\)
cpe:2.3:o:cisco:lan_switch_software:12.2\(1.107\):*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nx-Os by Cisco

Product Information
Vendor Cisco
Product Nx-Os
Version 8.0\(1\)
cpe:2.3:o:cisco:nx-os:8.0\(1\):*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nx-Os by Cisco

Product Information
Vendor Cisco
Product Nx-Os
Version 7.0\(0\)hsk\(0.357\)
cpe:2.3:o:cisco:nx-os:7.0\(0\)hsk\(0.357\):*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nx-Os by Cisco

Product Information
Vendor Cisco
Product Nx-Os
Version 8.1\(0\)bd\(0.20\)
cpe:2.3:o:cisco:nx-os:8.1\(0\)bd\(0.20\):*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://tools.cisco.com/security/center/content/CiscoSecuri…
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
http://www.securityfocus.com/bid/102198
http://www.securityfocus.com/bid/102198
http://www.securitytracker.com/id/1039938
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039938
https://tools.cisco.com/security/center/content/CiscoSecuri…
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
http://www.securityfocus.com/bid/102198
http://www.securityfocus.com/bid/102198
http://www.securitytracker.com/id/1039938
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039938