Cisco NX-OS Patch Installation unrestricted upload

Summaryinfo

A vulnerability was found in Cisco NX-OS. It has been rated as problematic. The affected element is an unknown function of the component Patch Installation. Performing a manipulation results in unrestricted upload. This vulnerability is identified as CVE-2017-12332. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic has been found in Cisco NX-OS (Router Operating System) (version unknown). This affects an unknown function of the component Patch Installation. The manipulation with an unknown input leads to a unrestricted upload vulnerability. CWE is classifying the issue as CWE-434. The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. This is going to have an impact on integrity, and availability. The summary by CVE is:

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832.

The bug was discovered 11/29/2017. The weakness was released 11/30/2017 with Cisco as cisco-sa-20171129-nxos1 as confirmed advisory (Website). The advisory is shared at tools.cisco.com. This vulnerability is uniquely identified as CVE-2017-12332 since 08/03/2017. An attack has to be approached locally. The successful exploitation requires a authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1608.002 for this issue.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316199 (Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability (cisco-sa-20171129-nxos1)).

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 102160†). Entries connected to this vulnerability are available at VDB-110065, VDB-110064, VDB-110063 and VDB-110062. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• NX-OS

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion