CVE-2017-12331
Description
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655.
Risk Information
Base Score
6.7
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.035
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7000 10-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7000 18-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7000 9-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7000 4-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9710 Multilayer Director | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9250i Multiservice Fabric Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7700 10-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7700 18-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7700 6-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9148S 16G Multilayer Fabric Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9706 Multilayer Director | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Nexus 7700 2-Slot Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9396S 16G Multilayer Fabric Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9132T 32-Gbps 32-Port Fibre Channel Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9148T 32-Gbps 48-Port Fibre Channel Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco MDS 9396T 32-Gbps 96-Port Fibre Channel Switch | NCM |
| Cisco NX-OS System Software Patch Signature Bypass Vulnerability For Cisco Unified Computing System | NCM |
| Improper Verification of Cryptographic Signature Vulnerability (CVE-2017-12331) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705011 | Security Update for Cisco Nexus 7000 10-Slot Switch 8.4(2) |
| PATCH-1705012 | Security Update for Cisco Nexus 7000 18-Slot Switch 8.4(2) |
| PATCH-1705013 | Security Update for Cisco Nexus 7000 9-Slot Switch 8.4(2) |
| PATCH-1705014 | Security Update for Cisco Nexus 7000 4-Slot Switch 8.4(2) |
| PATCH-1705015 | Security Update for Cisco MDS 9710 Multilayer Director 8.4(2) |
| PATCH-1705016 | Security Update for Cisco MDS 9250i Multiservice Fabric Switch 8.4(2) |
| PATCH-1705017 | Security Update for Cisco Nexus 7700 10-Slot Switch 8.4(2) |
| PATCH-1705018 | Security Update for Cisco Nexus 7700 18-Slot Switch 8.4(2) |
| PATCH-1705019 | Security Update for Cisco Nexus 7700 6-Slot Switch 8.4(2) |
| PATCH-1705020 | Security Update for Cisco MDS 9148S 16G Multilayer Fabric Switch 8.4(2) |
| PATCH-1705021 | Security Update for Cisco MDS 9706 Multilayer Director 8.4(2) |
| PATCH-1705022 | Security Update for Cisco Nexus 7700 2-Slot Switch 8.4(2) |
| PATCH-1705023 | Security Update for Cisco MDS 9396S 16G Multilayer Fabric Switch 8.4(2) |
| PATCH-1705024 | Security Update for Cisco MDS 9132T 32-Gbps 32-Port Fibre Channel Switch 8.4(2) |
| PATCH-1705025 | Security Update for Cisco MDS 9148T 32-Gbps 48-Port Fibre Channel Switch 8.4(2) |
| PATCH-1705026 | Security Update for Cisco MDS 9396T 32-Gbps 96-Port Fibre Channel Switch 8.4(2) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234