CVE-2017-12333
Description
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco MDS 9710 Multilayer Director | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco Nexus 7700 10-Slot Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco Nexus 7700 18-Slot Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco Nexus 7700 6-Slot Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco MDS 9706 Multilayer Director | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco Nexus 7700 2-Slot Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco MDS 9396S 16G Multilayer Fabric Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco MDS 9132T 32-Gbps 32-Port Fibre Channel Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco MDS 9148T 32-Gbps 48-Port Fibre Channel Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco MDS 9396T 32-Gbps 96-Port Fibre Channel Switch | NCM |
| Cisco NX-OS System Software Image Signature Bypass Vulnerability For Cisco Unified Computing System | NCM |
| Improper Verification of Cryptographic Signature Vulnerability (CVE-2017-12333) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705015 | Security Update for Cisco MDS 9710 Multilayer Director 8.4(2) |
| PATCH-1705017 | Security Update for Cisco Nexus 7700 10-Slot Switch 8.4(2) |
| PATCH-1705018 | Security Update for Cisco Nexus 7700 18-Slot Switch 8.4(2) |
| PATCH-1705019 | Security Update for Cisco Nexus 7700 6-Slot Switch 8.4(2) |
| PATCH-1705021 | Security Update for Cisco MDS 9706 Multilayer Director 8.4(2) |
| PATCH-1705022 | Security Update for Cisco Nexus 7700 2-Slot Switch 8.4(2) |
| PATCH-1705023 | Security Update for Cisco MDS 9396S 16G Multilayer Fabric Switch 8.4(2) |
| PATCH-1705024 | Security Update for Cisco MDS 9132T 32-Gbps 32-Port Fibre Channel Switch 8.4(2) |
| PATCH-1705025 | Security Update for Cisco MDS 9148T 32-Gbps 48-Port Fibre Channel Switch 8.4(2) |
| PATCH-1705026 | Security Update for Cisco MDS 9396T 32-Gbps 96-Port Fibre Channel Switch 8.4(2) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234