CVE-2017-12352

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controllers (affected versions not specified)

Description A vulnerability in system script files installed at boot time could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The issue is due to insufficient validation of user-controlled input supplied to certain script files. An attacker could exploit this by submitting crafted input to a script file, allowing them to gain elevated privileges and execute arbitrary commands with root privileges. The attacker would need to authenticate to the affected system using valid administrator credentials.

Recommendations To resolve the issue, apply the fix for Cisco Bug ID: CSCvf57274. At the moment, there is no information about a newer version that contains a fix for this vulnerability.