CVE-2017-12255 - AskarLabs CVE Database

CVE-2017-12255

Vendor N/A

Product Cisco UCS Central Software

Weakness CWE-20 · Input validation

Published September 21, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762.

Key dates

02Disclosure timeline

September 21, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-12255

Related vulnerabilities

04Related CVE

CVE-2023-21607 Adobe Acrobat Reader Improper Input Validation Remote Code Execution Vulnerability CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation CVE-2021-22286 SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module CVE-2022-39863 CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability