CNVD-2017-36155

Vulnerability from cnvd - Published: 2017-12-05
VLAI Severity ?
Title
多款Cisco产品Cisco NX-OS System Software命令注入漏洞
Description
Cisco Multilayer Director Switches等都是美国思科(Cisco)公司的产品。Cisco Multilayer Director Switches是一款交换机产品。Nexus 2000 Series Fabric Extenders是一款Nexus 2000系列阵列扩展器。NX-OS System Software是使用在其中的一套操作系统。CLI是其中的一个命令行程序。 多款Cisco产品中的Cisco NX-OS System Software的CLI存在命令注入漏洞,该漏洞程序未能对发送到CLI解释器的命令参数执行充分的输入验证。本地攻击者可通过向受影响的CLI命令注入恶意的命令参数并获取底层操作系统的访问权限利用该漏洞以用户权限执行命令。
Severity
Patch Name
多款Cisco产品Cisco NX-OS System Software命令注入漏洞的补丁
Patch Description
Cisco Multilayer Director Switches等都是美国思科(Cisco)公司的产品。Cisco Multilayer Director Switches是一款交换机产品。Nexus 2000 Series Fabric Extenders是一款Nexus 2000系列阵列扩展器。NX-OS System Software是使用在其中的一套操作系统。CLI是其中的一个命令行程序。 多款Cisco产品中的Cisco NX-OS System Software的CLI存在命令注入漏洞,该漏洞程序未能对发送到CLI解释器的命令参数执行充分的输入验证。本地攻击者可通过向受影响的CLI命令注入恶意的命令参数并获取底层操作系统的访问权限利用该漏洞以用户权限执行命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3

Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
Impacted products
Name
['Cisco Multilayer Director Switches', 'Cisco Nexus 2000 Series Fabric Extenders', 'Cisco Nexus 3000 Series Switche', 'Cisco Nexus 5000 Series Switches', 'Cisco Nexus 6000 Series Switches', 'Cisco Nexus 7000 Series Switches 0', 'Cisco Nexus 9000 Series Switches in NX-OS mode', 'Cisco Nexus 7700 Series Switches', 'Cisco Nexus 9500 R-Series Line Cards and Fabric Modules']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12330"
    }
  },
  "description": "Cisco Multilayer Director Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Multilayer Director Switches\u662f\u4e00\u6b3e\u4ea4\u6362\u673a\u4ea7\u54c1\u3002Nexus 2000 Series Fabric Extenders\u662f\u4e00\u6b3eNexus 2000\u7cfb\u5217\u9635\u5217\u6269\u5c55\u5668\u3002NX-OS System Software\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002CLI\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u547d\u4ee4\u884c\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684Cisco NX-OS System Software\u7684CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u53d1\u9001\u5230CLI\u89e3\u91ca\u5668\u7684\u547d\u4ee4\u53c2\u6570\u6267\u884c\u5145\u5206\u7684\u8f93\u5165\u9a8c\u8bc1\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684CLI\u547d\u4ee4\u6ce8\u5165\u6076\u610f\u7684\u547d\u4ee4\u53c2\u6570\u5e76\u83b7\u53d6\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7528\u6237\u6743\u9650\u6267\u884c\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36155",
  "openTime": "2017-12-05",
  "patchDescription": "Cisco Multilayer Director Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Multilayer Director Switches\u662f\u4e00\u6b3e\u4ea4\u6362\u673a\u4ea7\u54c1\u3002Nexus 2000 Series Fabric Extenders\u662f\u4e00\u6b3eNexus 2000\u7cfb\u5217\u9635\u5217\u6269\u5c55\u5668\u3002NX-OS System Software\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002CLI\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u547d\u4ee4\u884c\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684Cisco NX-OS System Software\u7684CLI\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u53d1\u9001\u5230CLI\u89e3\u91ca\u5668\u7684\u547d\u4ee4\u53c2\u6570\u6267\u884c\u5145\u5206\u7684\u8f93\u5165\u9a8c\u8bc1\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684CLI\u547d\u4ee4\u6ce8\u5165\u6076\u610f\u7684\u547d\u4ee4\u53c2\u6570\u5e76\u83b7\u53d6\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7528\u6237\u6743\u9650\u6267\u884c\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u4ea7\u54c1Cisco NX-OS System Software\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Multilayer Director Switches",
      "Cisco Nexus 2000 Series Fabric Extenders",
      "Cisco Nexus 3000 Series Switche",
      "Cisco Nexus 5000 Series Switches",
      "Cisco Nexus 6000 Series Switches",
      "Cisco Nexus 7000 Series Switches 0",
      "Cisco Nexus 9000 Series Switches in NX-OS mode",
      "Cisco Nexus 7700 Series Switches",
      "Cisco Nexus 9500 R-Series Line Cards and Fabric Modules"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-04",
  "title": "\u591a\u6b3eCisco\u4ea7\u54c1Cisco NX-OS System Software\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.