CVE-2017-12351Resource Exposure in Cisco Nx-os

CWE-264CWE-668Resource Exposure4 documents4 sources
Severity
5.7MEDIUMNVD
EPSS
0.1%
top 79.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedNov 30
Latest updateMay 13

Description

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shel

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LExploitability: 1.5 | Impact: 3.7

Affected Packages1 packages

NVDcisco/nx-os7.0\(3\)i7\(1\), 8.1\(0\)bd\(0.20\)+1

🔴Vulnerability Details

2
GHSA
GHSA-p85m-8mw3-j4v4: A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outsid2022-05-13
CVEList
CVE-2017-12351: A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outsid2017-11-30

📋Vendor Advisories

1
Cisco
Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability2017-11-29
CVE-2017-12351 — Resource Exposure in Cisco Nx-os | cvebase