Bash Shell Access Vulnerability in Cisco NX-OS System Software on MDS and Nexus Switches
CVE-2017-12340

4.2MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Multilayer Director, Nexus 7000 Series, And Nexus 7700 Series Switches
Vendor: CVE Published:; 30 November 2017

Summary

A vulnerability in Cisco NX-OS System Software affects Cisco MDS Multilayer Director Switches and Nexus 7000 and 7700 Series Switches. It allows an authenticated local attacker to access the Bash shell of the device's operating system, even when Bash shell access is disabled. This issue arises from inadequate sanitization of user-supplied parameters in the Python scripting sandbox, enabling an attacker to escape the sandbox environment. To exploit this vulnerability, an attacker must have local and authenticated access to the system, possessing either administrative rights or privileges to execute Python scripts. For more details, refer to Cisco's security advisory.

Affected Version(s)

Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches

References

http://www.securityfocus.com/bid/102069

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2017
Vulnerability Reserved
Aug 3, 2017