Main Vulnerability Database SB2017101807

SB2017101807 - Privilege escalation in Cisco Nexus

Published: October 18, 2017

Security Bulletin ID SB2017101807

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2017-12301)

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists in the Python scripting subsystem of Cisco NX-OS Software due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox. A local attacker can escape the scripting sandbox and execute arbitrary commands on the underlying operating system with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe

SB2017101807 - Privilege escalation in Cisco Nexus

Breakdown by Severity

Description

Remediation

References

Please verify you're human