CVE-2017-12338 : Security Advisory and Response

A weakness has been identified in the Command Line Interface (CLI) of Cisco NX-OS System Software that could allow a local, authenticated attacker to gain access to the contents of various files.

Understanding CVE-2017-12338

What is CVE-2017-12338?

This vulnerability in Cisco NX-OS System Software allows a local attacker to read arbitrary files by exploiting insufficient input validation in a specific CLI command.

The Impact of CVE-2017-12338

The vulnerability could grant unauthorized access to read arbitrary files stored on the local file system, affecting various Cisco products running NX-OS System Software.

Technical Details of CVE-2017-12338

Vulnerability Description

Insufficient input validation in a specific CLI command
Allows a local attacker to read arbitrary files

Affected Systems and Versions

Multilayer Director Switches
Nexus 2000 Series Fabric Extenders
Nexus 3000 Series Switches
Nexus 5000 Series Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 7700 Series Switches
Nexus 9000 Series Fabric Switches (ACI mode)
Nexus 9000 Series Switches (standalone NX-OS mode)
Nexus 9500 R-Series Line Cards and Fabric Modules
Unified Computing System Manager

Exploitation Mechanism

Attacker executes a carefully crafted command via the CLI
Vulnerability could allow reading files from any VDC on products supporting multiple virtual device contexts

Mitigation and Prevention

Immediate Steps to Take

Apply the latest security updates from Cisco
Restrict CLI access to trusted users
Monitor and review CLI commands for unusual activities

Long-Term Security Practices

Regularly review and update access control policies
Conduct security training for staff on identifying and reporting suspicious activities

Patching and Updates

Cisco has released patches to address this vulnerability
Ensure timely installation of patches to secure the affected systems