How severe is CVE-2017-12333?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2017-12333?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2017-12333

MEDIUM Year: 2017

CVSS v3 Score

6.7

Medium

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-347

View all →

Vulnerability Description

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.

CVE-2017-12331

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-...

CWE-3472017

CVE-2017-8190

MEDIUM

CVSS:6.7(Medium)

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high priv...

CWE-3472017

CVE-2018-15374

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnera...

CWE-3472018

CVE-2019-12649

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on a...

CWE-3472019

CVE-2019-12662

MEDIUM

CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service imag...

CWE-3472019

CVE-2019-1615

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software im...

CWE-3472019

CVE-2017-12333

Vulnerability Description

Related Vulnerabilities

CVE-2017-12331

CVE-2017-8190

CVE-2018-15374

CVE-2019-12649

CVE-2019-12662

CVE-2019-1615