Vulnerability in Open Agent Container of Cisco Nexus Series Switches
CVE-2017-12342

6.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Nexus Series Switches
Vendor
CVE Published:
30 November 2017

Summary

A vulnerability exists within the Open Agent Container (OAC) feature of Cisco Nexus Series Switches that permits an unauthenticated, local attacker to manipulate network packets beyond the confines of the OAC. This flaw stems from inadequate security protocols. An attacker can exploit the vulnerability by sending specially crafted packets over the internal device network, which could potentially lead to executing code on the host operating system. Notably, OAC is disabled by default, requiring administrative actions to enable this feature for exploitation.

Affected Version(s)

Cisco Nexus Series Switches Cisco Nexus Series Switches

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102027
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039940
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.