Cisco NX-OS System Software CVE-2017-12330 Local Command Injection Vulnerability

Cisco NX-OS System Software is prone to a local command-injection vulnerability.

A local attacker can exploit this issue to execute arbitrary commands with user's privileges.

This issue being tracked by Cisco Bug IDs CSCve99902 and CSCvf14879.

Information

Bugtraq ID: 102012
Class: Unknown
CVE: CVE-2017-12330

Remote: No
Local: Yes
Published: Nov 29 2017 12:00AM
Updated: Nov 29 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Cisco NX-OS 0
Cisco Nexus 9500 R-Series Line Cards and Fabric Modules 0
Cisco Nexus 9000 Series Switches - Standalone NX-OS mode 0
Cisco Nexus 7700 Series Switches 0
Cisco Nexus 7000 Series Switches 8.1(1)
Cisco Nexus 7000 Series Switches 8.1(0)BD(0.20)
Cisco Nexus 6000 Series Switches 0
Cisco Nexus 5600 Platform Switches 0
Cisco Nexus 5500 Platform Switches 0
Cisco Nexus 5000 Series Switches 7.0(0)HSK(0.357)
Cisco Nexus 3000 Series Switches 0
Cisco Nexus 2000 Series Fabric Extenders 0
Cisco Multilayer Director Switches 0

Not Vulnerable:

Exploit

Attackers require local interactive access to exploit this issue.

References:

Cisco Homepage (Cisco )
Cisco Nexus Series Switches CLI Command Injection Vulnerability (cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit