CVE-2017-12342Resource Exposure in Cisco Nx-os

CWE-264CWE-668Resource Exposure4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 78.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedNov 30
Latest updateMay 13

Description

A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 2.5 | Impact: 3.7

Affected Packages1 packages

NVDcisco/nx-os7.0\(0\)hsk\(0.357\), 8.1\(1\)+1

🔴Vulnerability Details

2
GHSA
GHSA-8722-v7g5-qcvv: A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and se2022-05-13
CVEList
CVE-2017-12342: A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and se2017-11-30

📋Vendor Advisories

1
Cisco
Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability2017-11-29
CVE-2017-12342 — Resource Exposure in Cisco Nx-os | cvebase