CVE-2017-12342

Name of the Vulnerable Software and Affected Versions Cisco Nexus Series Switches (affected versions not specified)

Description A vulnerability in the Open Agent Container (OAC) feature could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The issue is due to insufficient internal security measures in the OAC feature. An attacker could exploit this by crafting specific packets for communication on the device-internal network, potentially allowing them to run code on the underlying host operating system. The OAC feature is not enabled by default and requires an administrator to install and activate it for a device to be vulnerable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.