CVE-2017-12351

Description

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka Unauthorized Internal Interface Access. This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038.

Risk Information

Base Score

5.7

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

EPSS Score

Exploitation Probability

0.066

Associated Vulnerability

Vulnerability	OS Platform
Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability For Cisco Nexus 9000 Series Switches	NCM
Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-12351)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706000	Security Update for Cisco Nexus 9000 Series Switches 15.1(4c)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234