SB2017120112 - Privilege escalation in Cisco Application Policy Infrastructure Controller

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017120112

SB2017120112 - Privilege escalation in Cisco Application Policy Infrastructure Controller

Published: December 1, 2017

Security Bulletin ID SB2017120112
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Privilege escalation (CVE-ID: CVE-2017-12352)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers due to insufficient validation of user-controlled input. A local attacker can submit specially crafted input to a script file and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Install update from vendor's website.

References