Privilege escalation in Cisco Systems, Inc products - CVE-2017-12341

Vulnerability identifier: #VU9484

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2017-12341

CWE-ID: CWE-77

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Nexus 7700 Series Switches
Nexus 7000 Series Switches
Nexus 6000 Series Switches
Nexus 5600 Platform Switches
Nexus 5500 Platform Switches
Nexus 5000 Series Switches
Nexus 2000 Series Fabric Extenders
Multilayer Director Switches
Cisco Unified Computing System Manager

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the CLI of Cisco NX-OS System Software due to insufficient input validation during the installation of a software patch. A local attacker with knowledge of valid administrator credentials can install a specially crafted patch image with the vulnerable operation occurring prior to patch activation and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Install update from vendor's website.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8