Lucene search

[email protected]CVE-2017-12331

HistoryNov 30, 2017 - 9:29 a.m.

CVE-2017-12331

2017-11-3009:29:00

CWE-347

[email protected]

web.nvd.nist.gov

cisco

nx-os

vulnerability

signature verification

software patch

exploit

authentication

local attacker

cisco bug ids

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655.

CPENameOperatorVersion
cisco:nx-oscisco nx-oseq8.1\(1\)
cisco:unified_computing_systemcisco unified computing systemeq7.0\(0\)hsk\(0.357\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	eq	8.1\(1\)
cisco:unified_computing_system	cisco unified computing system	eq	7.0\(0\)hsk\(0.357\)

References

www.securityfocus.com/bid/102159

www.securitytracker.com/id/1039930

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2017-12331

cvelist1 cisco1 prion1