CVE-2017-12332: Unrestricted File Upload in Cisco NX-OS

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.2% (top 61.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 30; Latest update May 17

Description

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The a

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/unified_computing_system 7.0(0)hsk(0.357)
NVD: cisco/nx-os 8.1(0)bd(0.20), 8.1(1) +1

🔴 Vulnerability Details (2)

GHSA: GHSA-x46g-gp8x-f356: A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations (2022-05-17)
CVEList: CVE-2017-12332: A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations (2017-11-30)

📋 Vendor Advisories (1)

Cisco: Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability (2017-11-30)