PT-2017-12506 · Cisco · Cisco Nx-Os System

Published: 2017-11-29 · Updated: 2019-10-03 · CVE-2017-12340

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS System Software (affected versions not specified)

Description

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The issue is due to insufficient sanitization of user-supplied parameters passed to certain functions of the Python scripting sandbox. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

CVE-2017-12340

Affected Products

Cisco Nx-Os System
Cisco Nexus