cnvd - cnvd-2017-32930

cnvd-2017-32930

Vulnerability from cnvd

Title: 多款Cisco产品权限提升漏洞

Description:

Cisco Identity Services Engine（ISE）是美国思科（Cisco）公司的一款基于身份的环境感知平台（ISE身份服务引擎）。该平台通过收集网络、用户和设备中的实时信息，制定并实施相应策略来监管网络。ISE Express是它的精简版。ISE Virtual Appliance是一款ISE虚拟设备。Active Directory integration是其中的一个活动目录组件。

多款Cisco产品中的受限制的shell存在权限提升漏洞，该漏洞源于程序未能验证用户的输入。本地攻击者可利用该漏洞以提升的权限执行任意CLI命令。

Severity: 高

Patch Name: 多款Cisco产品权限提升漏洞的补丁

Patch Description:

多款Cisco产品中的受限制的shell存在权限提升漏洞，该漏洞源于程序未能验证用户的输入。本地攻击者可利用该漏洞以提升的权限执行任意CLI命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise

Impacted products

Name
['Cisco Identity Services Engine (ISE) 1.4', 'Cisco Identity Services Engine (ISE) 2.0', 'Cisco Identity Services Engine (ISE) 2.0.1', 'Cisco Identity Services Engine (ISE) 2.1.0', 'Cisco ISE Virtual Appliance 1.4', 'Cisco ISE Virtual Appliance 2.0', 'Cisco ISE Virtual Appliance 2.0.1', 'Cisco ISE Virtual Appliance 2.1.0', 'Cisco ISE Express 1.4', 'Cisco ISE Express 2.0', 'Cisco ISE Express 2.0.1', 'Cisco ISE Express 2.1.0']

Name

['Cisco Identity Services Engine (ISE) 1.4', 'Cisco Identity Services Engine (ISE) 2.0', 'Cisco Identity Services Engine (ISE) 2.0.1', 'Cisco Identity Services Engine (ISE) 2.1.0', 'Cisco ISE Virtual Appliance 1.4', 'Cisco ISE Virtual Appliance 2.0', 'Cisco ISE Virtual Appliance 2.0.1', 'Cisco ISE Virtual Appliance 2.1.0', 'Cisco ISE Express 1.4', 'Cisco ISE Express 2.0', 'Cisco ISE Express 2.0.1', 'Cisco ISE Express 2.1.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101641"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12261"
    }
  },
  "description": "Cisco Identity Services Engine\uff08ISE\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u8eab\u4efd\u7684\u73af\u5883\u611f\u77e5\u5e73\u53f0\uff08ISE\u8eab\u4efd\u670d\u52a1\u5f15\u64ce\uff09\u3002\u8be5\u5e73\u53f0\u901a\u8fc7\u6536\u96c6\u7f51\u7edc\u3001\u7528\u6237\u548c\u8bbe\u5907\u4e2d\u7684\u5b9e\u65f6\u4fe1\u606f\uff0c\u5236\u5b9a\u5e76\u5b9e\u65bd\u76f8\u5e94\u7b56\u7565\u6765\u76d1\u7ba1\u7f51\u7edc\u3002ISE Express\u662f\u5b83\u7684\u7cbe\u7b80\u7248\u3002ISE Virtual Appliance\u662f\u4e00\u6b3eISE\u865a\u62df\u8bbe\u5907\u3002Active Directory integration\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6d3b\u52a8\u76ee\u5f55\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684\u53d7\u9650\u5236\u7684shell\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1\u7528\u6237\u7684\u8f93\u5165\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610fCLI\u547d\u4ee4\u3002",
  "discovererName": "Anonymous security researcher.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32930",
  "openTime": "2017-11-07",
  "patchDescription": "Cisco Identity Services Engine\uff08ISE\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u8eab\u4efd\u7684\u73af\u5883\u611f\u77e5\u5e73\u53f0\uff08ISE\u8eab\u4efd\u670d\u52a1\u5f15\u64ce\uff09\u3002\u8be5\u5e73\u53f0\u901a\u8fc7\u6536\u96c6\u7f51\u7edc\u3001\u7528\u6237\u548c\u8bbe\u5907\u4e2d\u7684\u5b9e\u65f6\u4fe1\u606f\uff0c\u5236\u5b9a\u5e76\u5b9e\u65bd\u76f8\u5e94\u7b56\u7565\u6765\u76d1\u7ba1\u7f51\u7edc\u3002ISE Express\u662f\u5b83\u7684\u7cbe\u7b80\u7248\u3002ISE Virtual Appliance\u662f\u4e00\u6b3eISE\u865a\u62df\u8bbe\u5907\u3002Active Directory integration\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6d3b\u52a8\u76ee\u5f55\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u7684\u53d7\u9650\u5236\u7684shell\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1\u7528\u6237\u7684\u8f93\u5165\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610fCLI\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u4ea7\u54c1\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Identity Services Engine (ISE) 1.4",
      "Cisco Identity Services Engine (ISE)  2.0",
      "Cisco Identity Services Engine (ISE)  2.0.1",
      "Cisco Identity Services Engine (ISE)  2.1.0",
      "Cisco ISE Virtual Appliance 1.4",
      "Cisco ISE Virtual Appliance  2.0",
      "Cisco ISE Virtual Appliance  2.0.1",
      "Cisco ISE Virtual Appliance  2.1.0",
      "Cisco ISE Express 1.4",
      "Cisco ISE Express  2.0",
      "Cisco ISE Express  2.0.1",
      "Cisco ISE Express  2.1.0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-02",
  "title": "\u591a\u6b3eCisco\u4ea7\u54c1\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-12261 (GCVE-0-2017-12261)

Vulnerability from cvelistv5

Published

2017-11-02 16:00

Modified

2024-08-05 18:28

Severity ?

CWE

CWE-264

Summary

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/101641	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1039717	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Identity Services Engine	Version: Cisco Identity Services Engine

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101641",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101641"
          },
          {
            "name": "1039717",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine"
            }
          ]
        }
      ],
      "datePublic": "2017-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "101641",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101641"
        },
        {
          "name": "1039717",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12261",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101641",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101641"
            },
            {
              "name": "1039717",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039717"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12261",
    "datePublished": "2017-11-02T16:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted