#VU9480 Security restrictions bypass in Nexus 7700 Series Switches and Nexus 7000 Series Switches - CVE-2017-12333
Vulnerability identifier: #VU9480
Vulnerability risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Nexus 7700 Series Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Nexus 7000 Series Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists in Cisco NX-OS System Software due to insufficient NX-OS signature verification for software images. A local attacker with knowledge of valid administrator credentials can bypass signature verification and load a crafted, unsigned software image.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Nexus 7700 Series Switches: All versions
Nexus 7000 Series Switches: All versions
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
