CVE-2017-12313 : An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Ac

An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability.

Published 2017-11-16 07:29:01

Updated 2019-10-09 23:22:56

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: File inclusionInput validationExecute code

Products affected by CVE-2017-12313

Cisco » Packet Tracer
cpe:2.3:a:cisco:packet_tracer:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-12313

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-12313

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.7	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-12313

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Assigned by: nvd@nist.gov (Primary)
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2017-12313

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cpt

Cisco Network Academy Packet Tracer DLL Preload Vulnerability
Vendor Advisory
http://www.securityfocus.com/bid/101858

Cisco Network Academy Packet Tracer DLL Loading Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-12313

Products affected by CVE-2017-12313

Exploit prediction scoring system (EPSS) score for CVE-2017-12313

CVSS scores for CVE-2017-12313

CWE ids for CVE-2017-12313

References for CVE-2017-12313