CVE-2017-12341

Name of the Vulnerable Software and Affected Versions Cisco NX-OS System Software versions prior to the fixed version

Description The issue is due to insufficient input validation during the installation of a software patch, allowing an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to exploit this. By installing a crafted patch image, an attacker could execute arbitrary commands on an affected system as root. This affects various Cisco products running Cisco NX-OS System Software, including Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, and others.

Recommendations For Cisco NX-OS System Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation. Avoid installing crafted patch images until the issue is resolved. There are no other workarounds that address this issue.