SB2017120101 - Multiple vulnerabilities in Cisco NX-OS System Software
Published: December 1, 2017 Updated: December 1, 2017
Security Bulletin ID
SB2017120101
Severity
Low
Patch available
YES
Number of vulnerabilities
14
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2017-12339)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the CLI of Cisco NX-OS System Software due to insufficient input validation of command arguments to the CLI parser. A local attacker can inject specially crafted command arguments into a vulnerable CLI command and execute arbitrary commands at the user's privilege level.
Successful exploitation of the vulnerability may result in system compromise.
2) Security restrictions bypass (CVE-ID: CVE-2017-12333)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists in Cisco NX-OS System Software due to insufficient NX-OS signature verification for software images. A local attacker with knowledge of valid administrator credentials can bypass signature verification and load a crafted, unsigned software image.
3) Privilege escalation (CVE-ID: CVE-2017-12334)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the CLI of Cisco NX-OS System Software due to insufficient input validation of command arguments. A local attacker with knowledge of valid administrator credentials can inject specially crafted command arguments into a vulnerable CLI command and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) Privilege escalation (CVE-ID: CVE-2017-12335)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the CLI of Cisco NX-OS System Software due to insufficient input validation of command arguments to the CLI parser. A local attacker can inject specially crafted command arguments into a vulnerable CLI command and execute arbitrary commands at the user's privilege level.
Successful exploitation of the vulnerability may result in system compromise.
5) Privilege escalation (CVE-ID: CVE-2017-12336)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the TCL scripting subsystem of Cisco NX-OS System Software due to insufficient input validation of user-supplied files passed to the interactive TCL shell. A local attacker with administrative or tclsh execution privileges can escape the interactive TCL shell, gain unauthorized access to the underlying operating system and execute arbitrary commands with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Privilege escalation (CVE-ID: CVE-2017-12341)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the CLI of Cisco NX-OS System Software due to insufficient input validation during the installation of a software patch. A local attacker with knowledge of valid administrator credentials can install a specially crafted patch image with the vulnerable operation occurring prior to patch activation and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
7) Privilege escalation (CVE-ID: CVE-2017-12342)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the Open Agent Container (OAC) feature due to insufficient internal security measures in the OAC feature. A local attacker can craft specific packets for communication on the device-internal network and run code on the underlying host operating system.
8) Information disclosure (CVE-ID: CVE-2017-12338)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.The weakness exists in the CLI of Cisco NX-OS System Software due to insufficient input validation for a specific CLI command. A local attacker can issue a specially crafted command on the CLI and read arbitrary files on the underlying local file system.
9) Privilege escalation (CVE-ID: CVE-2017-12329)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the CLI due to insufficient input validation of command arguments to the CLI parser. A local attacker can inject specially crafted command arguments into a vulnerable CLI command and execute arbitrary commands at the user's privilege level.
Successful exploitation of the vulnerability may result in system compromise.
10) Privilege escalation (CVE-ID: CVE-2017-12330)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists in the CLI of Cisco NX-OS System Software due to insufficient input validation of command arguments to the CLI parser. A local attacker can inject specially crafted command arguments into a vulnerable CLI command and execute arbitrary commands at the user's privilege level.
Successful exploitation of the vulnerability may result in system compromise.
11) Security restrictions bypass (CVE-ID: CVE-2017-12331)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists in Cisco NX-OS System Software due to insufficient NX-OS signature verification for software images. A local attacker with knowledge of valid administrator credentials can bypass signature verification and load a crafted, unsigned software image.
12) Security restrictions bypass (CVE-ID: CVE-2017-12351)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists in the guest shell feature of Cisco NX-OS System Software due to insufficient internal security measures in the guest shell feature. A local attacker with knowledge of valid administrator credentials can bypass security restrictions to send or receive packets on the device-internal network outside of the guest shell container.
13) Security restrictions bypass (CVE-ID: CVE-2017-12332)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists in Cisco NX-OS System Software due to insufficient restrictions in the patch installation process. A local attacker with knowledge of valid administrator credentials can install a specially crafted patch image, bypass security restrictions and write a file to arbitrary locations.
14) Improper input validation (CVE-ID: CVE-2017-12340)
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox. A local attacker can escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-switch