cvelistv5 - CVE-2017-12336

CVE-2017-12336

Vulnerability from cvelistv5

Published

2017-11-30 09:00

Modified

2024-08-05 18:36

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/102168
ykramarz@cisco.com	http://www.securitytracker.com/id/1039936	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102168
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039936	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Cisco NX-OS

Version: Cisco NX-OS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:56.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102168",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102168"
          },
          {
            "name": "1039936",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039936"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco NX-OS"
            }
          ]
        }
      ],
      "datePublic": "2017-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-14T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "102168",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102168"
        },
        {
          "name": "1039936",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039936"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco NX-OS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102168",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102168"
            },
            {
              "name": "1039936",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039936"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12336",
    "datePublished": "2017-11-30T09:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:56.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:6.0\\\\(2\\\\)a8\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"310856A9-CA62-4C1A-A4C9-B6EECC36F496\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C83E090-7C99-465A-A477-C2949B137720\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.1\\\\(0\\\\)bd\\\\(0.20\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F66360CD-CCCF-4DE7-86F1-996175B4503C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.1\\\\(0.2\\\\)s0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94E4AB94-0FC0-4E6B-AAE6-EF37C0ABB548\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.1\\\\(0.59\\\\)s0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE02C4C6-1DDE-4EAE-BF67-CB8B120E6C11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.1\\\\(1\\\\)s5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4C0438A-0275-49B1-91BF-437917F3A4BF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_computing_system:7.0\\\\(0\\\\)hsk\\\\(0.357\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5154CDB-F7D6-44DA-B118-3DF12EFA2067\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el subsistema de scripting TCL de Cisco NX-OS System Software podr\\u00eda permitir que un atacante local autenticado escape el shell TCL interactivo y obtenga acceso no autorizado al sistema operativo subyacente del dispositivo. La vulnerabilidad se debe a la validaci\\u00f3n insuficiente de archivos entrantes proporcionados por el usuario que se pasan al shell TCL interactivo del dispositivo afectado. Un atacante podr\\u00eda explotar esta vulnerabilidad para escapar la sandbox de scripting y ejecutar comandos arbitrarios en el sistema operativo en el que se ejecuta con los privilegios del usuario autenticado. Para explotar esta vulnerabilidad, un atacante debe tener acceso local y estar autenticado en el dispositivo objetivo del ataque con privilegios de administrador o de ejecuci\\u00f3n de tclsh. Esta vulnerabilidad afecta a los siguientes productos que ejecutan Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules y Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.\"}]",
      "id": "CVE-2017-12336",
      "lastModified": "2024-11-21T03:09:19.857",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-30T09:29:00.540",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102168\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1039936\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1039936\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-12336\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2017-11-30T09:29:00.540\",\"lastModified\":\"2024-11-21T03:09:19.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el subsistema de scripting TCL de Cisco NX-OS System Software podr\u00eda permitir que un atacante local autenticado escape el shell TCL interactivo y obtenga acceso no autorizado al sistema operativo subyacente del dispositivo. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de archivos entrantes proporcionados por el usuario que se pasan al shell TCL interactivo del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad para escapar la sandbox de scripting y ejecutar comandos arbitrarios en el sistema operativo en el que se ejecuta con los privilegios del usuario autenticado. Para explotar esta vulnerabilidad, un atacante debe tener acceso local y estar autenticado en el dispositivo objetivo del ataque con privilegios de administrador o de ejecuci\u00f3n de tclsh. Esta vulnerabilidad afecta a los siguientes productos que ejecutan Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules y Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:6.0\\\\(2\\\\)a8\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"310856A9-CA62-4C1A-A4C9-B6EECC36F496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C83E090-7C99-465A-A477-C2949B137720\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.1\\\\(0\\\\)bd\\\\(0.20\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F66360CD-CCCF-4DE7-86F1-996175B4503C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.1\\\\(0.2\\\\)s0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94E4AB94-0FC0-4E6B-AAE6-EF37C0ABB548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.1\\\\(0.59\\\\)s0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE02C4C6-1DDE-4EAE-BF67-CB8B120E6C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.1\\\\(1\\\\)s5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4C0438A-0275-49B1-91BF-437917F3A4BF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_computing_system:7.0\\\\(0\\\\)hsk\\\\(0.357\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5154CDB-F7D6-44DA-B118-3DF12EFA2067\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102168\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1039936\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1039936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2017-12336

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-12336

Aliases

CVE-2017-12336

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12336",
    "description": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.",
    "id": "GSD-2017-12336"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12336"
      ],
      "details": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.",
      "id": "GSD-2017-12336",
      "modified": "2023-12-13T01:21:03.336865Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-12336",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco NX-OS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco NX-OS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102168",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102168"
          },
          {
            "name": "1039936",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039936"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(1\\)s5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(0\\)bd\\(0.20\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(0.59\\)s0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(0.2\\)s0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:7.0\\(0\\)hsk\\(0.357\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12336"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
            },
            {
              "name": "1039936",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039936"
            },
            {
              "name": "102168",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/102168"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2017-12-15T02:29Z",
      "publishedDate": "2017-11-30T09:29Z"
    }
  }
}

ghsa-v5g5-j6gp-xj36

Vulnerability from github

Published

2022-05-17 00:15

Modified

2022-05-17 00:15

Severity ?

4.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-30T09:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127.",
  "id": "GHSA-v5g5-j6gp-xj36",
  "modified": "2022-05-17T00:15:06Z",
  "published": "2022-05-17T00:15:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12336"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102168"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039936"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2017-12336

Vulnerability from fkie_nvd

Published

2017-11-30 09:29

Modified

2024-11-21 03:09

Severity ?

4.2 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/102168
ykramarz@cisco.com	http://www.securitytracker.com/id/1039936	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102168
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039936	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	nx-os	6.0\(2\)a8\(3\)
cisco	nx-os	8.0\(1\)
cisco	nx-os	8.1\(0\)bd\(0.20\)
cisco	nx-os	8.1\(0.2\)s0
cisco	nx-os	8.1\(0.59\)s0
cisco	nx-os	8.1\(1\)s5
cisco	unified_computing_system	7.0\(0\)hsk\(0.357\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "310856A9-CA62-4C1A-A4C9-B6EECC36F496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9C83E090-7C99-465A-A477-C2949B137720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1\\(0\\)bd\\(0.20\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F66360CD-CCCF-4DE7-86F1-996175B4503C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1\\(0.2\\)s0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E4AB94-0FC0-4E6B-AAE6-EF37C0ABB548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1\\(0.59\\)s0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE02C4C6-1DDE-4EAE-BF67-CB8B120E6C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:nx-os:8.1\\(1\\)s5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4C0438A-0275-49B1-91BF-437917F3A4BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:7.0\\(0\\)hsk\\(0.357\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5154CDB-F7D6-44DA-B118-3DF12EFA2067",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el subsistema de scripting TCL de Cisco NX-OS System Software podr\u00eda permitir que un atacante local autenticado escape el shell TCL interactivo y obtenga acceso no autorizado al sistema operativo subyacente del dispositivo. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de archivos entrantes proporcionados por el usuario que se pasan al shell TCL interactivo del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad para escapar la sandbox de scripting y ejecutar comandos arbitrarios en el sistema operativo en el que se ejecuta con los privilegios del usuario autenticado. Para explotar esta vulnerabilidad, un atacante debe tener acceso local y estar autenticado en el dispositivo objetivo del ataque con privilegios de administrador o de ejecuci\u00f3n de tclsh. Esta vulnerabilidad afecta a los siguientes productos que ejecutan Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules y Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127."
    }
  ],
  "id": "CVE-2017-12336",
  "lastModified": "2024-11-21T03:09:19.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-30T09:29:00.540",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/102168"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039936"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/102168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127. Cisco NX-OS System software contains a vulnerability related to input validation. Vendors have confirmed this vulnerability Bug ID CSCve93750 , CSCve93762 , CSCve93763 ,and CSCvg04127 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. Nexus2000 SeriesFabricExtenders is a Nexus2000 Series Array Extender. NX-OSSystemSoftware is a set of operating systems used in it. TCLscriptingsubsystem is one of the TCL scripting subsystems. The vulnerability is caused by the program not fully validating user-submitted files

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0331",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified computing system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(0\\)hsk\\(0.357\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.1\\(0\\)bd\\(0.20\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "6.0\\(2\\)a8\\(3\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.1\\(0.2\\)s0"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.1\\(1\\)s5"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.0\\(1\\)"
      },
      {
        "model": "nx-os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.1\\(0.59\\)s0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nx-os",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus series switche",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "6000"
      },
      {
        "model": "nexus series switches in nx-os mode",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "nexus platform switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5600"
      },
      {
        "model": "nexus platform switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5500"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "2000"
      },
      {
        "model": "nexus platform switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3500"
      },
      {
        "model": "multilayer director switches",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified computing system manager",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nexus r-series line cards and fabric modules",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "9500"
      },
      {
        "model": "unified computing system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system 7.0 hsk",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "nx-os for nexus series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "77000"
      },
      {
        "model": "nx-os for nexus series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "nexus r-series line cards and fabric modules",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "95000"
      },
      {
        "model": "nexus series switches standalone nx-os mode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9000-0"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "77000"
      },
      {
        "model": "nexus series switches 8.1 bd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "nexus platform switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "nexus platform switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "nexus platform switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "35000"
      },
      {
        "model": "nexus series switches 6.0 a8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "multilayer director switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "BID",
        "id": "102168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(1\\)s5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(0\\)bd\\(0.20\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(0.59\\)s0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.1\\(0.2\\)s0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:8.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:nx-os:6.0\\(2\\)a8\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:7.0\\(0\\)hsk\\(0.357\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor has reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "102168"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-12336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-12336",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-36138",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-102848",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-12336",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12336",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-36138",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-1228",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-102848",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127. Cisco NX-OS System software contains a vulnerability related to input validation. Vendors have confirmed this vulnerability Bug ID CSCve93750 , CSCve93762 , CSCve93763 ,and CSCvg04127 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. Nexus2000 SeriesFabricExtenders is a Nexus2000 Series Array Extender. NX-OSSystemSoftware is a set of operating systems used in it. TCLscriptingsubsystem is one of the TCL scripting subsystems. The vulnerability is caused by the program not fully validating user-submitted files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "BID",
        "id": "102168"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102848"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12336",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "102168",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1039936",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-102848",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102848"
      },
      {
        "db": "BID",
        "id": "102168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "id": "VAR-201711-0331",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102848"
      }
    ],
    "trust": 1.28133569
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:14.183000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20171129-nxos5",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-nxos5"
      },
      {
        "title": "A variety of Cisco products Cisco NX-OSSystemSoftwareTCL script subsystem security bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/107773"
      },
      {
        "title": "Multiple Cisco product Cisco NX-OS System Software TCL Fixes for script subsystem security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76846"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-nxos5"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/102168"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1039936"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12336"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12336"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102848"
      },
      {
        "db": "BID",
        "id": "102168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102848"
      },
      {
        "db": "BID",
        "id": "102168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "date": "2017-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102848"
      },
      {
        "date": "2017-11-29T00:00:00",
        "db": "BID",
        "id": "102168"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "date": "2017-11-30T09:29:00.540000",
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-36138"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102848"
      },
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "102168"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      },
      {
        "date": "2017-12-15T02:29:03.923000",
        "db": "NVD",
        "id": "CVE-2017-12336"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "102168"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco NX-OS System software input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010556"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1228"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-12336

Vulnerability from cvelistv5

gsd-2017-12336

Vulnerability from gsd

ghsa-v5g5-j6gp-xj36

Vulnerability from github

CVE-2017-12336

Vulnerability from fkie_nvd

var-201711-0331

Vulnerability from variot

Tags

Sightings

Nomenclature