CVE-2017-12336: Improper Input Validation in Cisco NX-OS

Severity: 4.2 MEDIUM (NVD)
EPSS: 0.1% (top 71.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Nov 30
Latest update: May 17

Description

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the un

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Exploitability: 0.8 | Impact: 3.4

Affected Packages (2 packages)

NVD: cisco/unified_computing_system 7.0(0)hsk(0.357)
NVD: cisco/nx-os 6 versions +5

🔴 Vulnerability Details (2)

GHSA (2022-05-17): GHSA-v5g5-j6gp-xj36: A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive T
CVEList (2017-11-30): CVE-2017-12336: A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive T

📋 Vendor Advisories (1)

Cisco (2017-11-29): Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability