What is CVE-2017-12352?

CVE-2017-12352 is a medium-severity vulnerability in Cisco Application_policy_infrastructure_controller, classified under Command Injection. CVSS score: 6.7/10. Published 2017-11-30.

How severe is CVE-2017-12352?

Medium severity. CVSS v3 base score is 6.7 out of 10.

RCE in Cisco Application_policy_infrastructure_controller

CVE-2017-12352

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands w…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (26.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Application_policy_infrastructure_controller — versions 2.3\(1f\)
N/a Cisco Application Policy Infrastructure Controller — versions Cisco Application Policy Infrastructure Controller

Weakness classification (CWE)

CWE-77 — Command Injection

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-12352?: CVE-2017-12352 is a medium-severity vulnerability in Cisco Application_policy_infrastructure_controller, classified under Command Injection. CVSS score: 6.7/10. Published 2017-11-30.
How severe is CVE-2017-12352?: Medium severity. CVSS v3 base score is 6.7 out of 10.