CVE-2017-12261: Input Validation
First published: Thu Nov 02 2017(Updated: )
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Identity Services Engine (ISE) | =1.4 | |
| Cisco Identity Services Engine (ISE) | =2.0 | |
| Cisco Identity Services Engine (ISE) | =2.0.1 | |
| Cisco Identity Services Engine (ISE) | =2.1.0 | |
| Cisco Identity Services Engine Express | =1.4 | |
| Cisco Identity Services Engine Express | =2.0 | |
| Cisco Identity Services Engine Express | =2.0.1 | |
| Cisco Identity Services Engine Express | =2.1.0 | |
| Cisco Identity Services Engine Virtual Appliance | =1.4 | |
| Cisco Identity Services Engine Virtual Appliance | =2.0 | |
| Cisco Identity Services Engine Virtual Appliance | =2.0.1 | |
| Cisco Identity Services Engine Virtual Appliance | =2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12261?
The severity of CVE-2017-12261 is classified as high due to its potential to allow authenticated attackers to execute arbitrary commands with elevated privileges.
How do I fix CVE-2017-12261?
To fix CVE-2017-12261, install the latest security patches provided by Cisco for the affected versions of the Cisco Identity Services Engine.
Which versions of Cisco Identity Services Engine are affected by CVE-2017-12261?
CVE-2017-12261 affects Cisco Identity Services Engine versions 1.4, 2.0, 2.0.1, and 2.1.0.
Can CVE-2017-12261 be exploited remotely?
CVE-2017-12261 cannot be exploited remotely as it requires authenticated local access via SSH.
Who can exploit CVE-2017-12261?
CVE-2017-12261 can be exploited by authenticated local attackers who have access to the restricted shell of the Cisco Identity Services Engine.
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco identity services engine (ise)
- version/cisco identity services engine (ise)/1.4
- version/cisco identity services engine (ise)/2.0
- version/cisco identity services engine (ise)/2.0.1
- version/cisco identity services engine (ise)/2.1.0
- canonical/cisco identity services engine express
- version/cisco identity services engine express/1.4
- version/cisco identity services engine express/2.0
- version/cisco identity services engine express/2.0.1
- version/cisco identity services engine express/2.1.0
- canonical/cisco identity services engine virtual appliance
- version/cisco identity services engine virtual appliance/1.4
- version/cisco identity services engine virtual appliance/2.0
- version/cisco identity services engine virtual appliance/2.0.1
- version/cisco identity services engine virtual appliance/2.1.0