CVE-2017-12352

CWE-77: Command Injection | 4 documents | 4 sources
Severity: 6.7 MEDIUM
EPSS: 0.1% (top 73.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 30
Latest update: May 13

Description

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-controlled input that is supplied to certain script files of an affected system. An attacker could exploit this vulnerability by submitting cra

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco_application_policy_infrastructure_controller | Cisco Application Policy Infrastructure Controller

Vulnerability Details (2)

GHSA | 2022-05-13
GHSA-vjpq-xwhg-4jr4: A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an a
CVEList | 2017-11-30
CVE-2017-12352: A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an a

Vendor Advisories (1)

Cisco | 2017-11-30
Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability