PT-2019-3335 · Cisco+1 · Cisco IOS XE+3

Published 2019-09-25 · Updated 2019-10-09 · CVE-2019-12717

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS Software (affected versions not specified)
Cisco IOS XE (affected versions not specified)

Description

The issue exists due to insufficient validation of arguments passed to a specific command related to the virtualization manager (VMAN) in the affected software. This could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. A successful exploit may lead to complete system compromise. The attacker would need valid administrator credentials to exploit this vulnerability.

Recommendations

For Cisco NX-OS Software, update to a version that includes the fix for this issue.
For Cisco IOS XE, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the VMAN CLI command to minimize the risk of exploitation. Restrict access to the underlying Linux operating system to prevent arbitrary command execution with root privileges.

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2019-03442
CVE-2019-12717

Affected Products

Cisco IOS XE
Cisco NX-OS
Cisco Nexus
Linux