How severe is CVE-2017-12340?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2017-12340?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2017-12340

MEDIUM Year: 2017

CVSS v3 Score

4.2

Medium

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513.

CVE-2016-5493

MEDIUM

CVSS:4.2(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality a...

CWE-2842016

CVE-2016-8292

MEDIUM

CVSS:4.2(Medium)

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to ...

CWE-2842016

CVE-2016-9722

MEDIUM

CVSS:4.2(Medium)

IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.

CWE-2842016

CVE-2020-1732

MEDIUM

CVSS:4.2(Medium)

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elyt...

CWE-2842020

CVE-2022-39910

MEDIUM

CVSS:4.2(Medium)

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.

CWE-2842022

CVE-2023-27301

MEDIUM

CVSS:4.2(Medium)

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-2842023

CVE-2017-12340

Vulnerability Description

Related Vulnerabilities

CVE-2016-5493

CVE-2016-8292

CVE-2016-9722

CVE-2020-1732

CVE-2022-39910

CVE-2023-27301