Privilege escalation in Cisco Systems, Inc products - CVE-2017-12301
Published: October 19, 2017
Vulnerability identifier: #VU8895
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12301
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Nexus 5000 Series Switches
Cisco Nexus 3000 Series Switches
Cisco Nexus 9000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 9500 R-Series
Cisco Nexus 7700 Series Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 5600 Series Switches
Cisco Nexus 5500 Series Switches
Nexus 3500 Series Switches
Cisco Nexus 2000 Series Switches
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges.
The weakness exists in the Python scripting subsystem of Cisco NX-OS Software due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox. A local attacker can escape the scripting sandbox and execute arbitrary commands on the underlying operating system with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-12301
Update Cisco Nexus 7000 to version 7.3(2)D1(1), 8.1(1) or 8.2(1).
Update Cisco Nexus 9000 to version 7.0(3)I7(1).
Update Cisco Nexus 3000 to version 6.0(2)A8(7).