CVE-2017-6650

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/98528	Third Party Advisory Vendor Advisory
http://www.securitytracker.com/id/1038518
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:nx-os:7.1\(1\)n1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.1\(2\)n1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(2\):::::::*
	cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(2.1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(3.12\):::::::*
	cpe:2.3:o:cisco:nx-os:7.1\(4\)n1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.2\(0\)d1\(0.437\):::::::*
	cpe:2.3:o:cisco:nx-os:7.2\(0\)n1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.2\(0\)zz\(99.1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.2\(1\)n1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:7.3\(0\)n1\(1\):::::::*

OR	cpe:2.3:h:cisco:nexus_5548up:-:::::::*
	cpe:2.3:h:cisco:nexus_5596t:-:::::::*
	cpe:2.3:h:cisco:nexus_5596up:-:::::::*
	cpe:2.3:h:cisco:nexus_56128p:-:::::::*
	cpe:2.3:h:cisco:nexus_5624q:-:::::::*
	cpe:2.3:h:cisco:nexus_5648q:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up-16g:-:::::::*
	cpe:2.3:h:cisco:nexus_5696q:-:::::::*

History

No history.

Information

Published : 2017-05-22 01:29

Updated : 2024-02-04 19:11

NVD link : CVE-2017-6650

Mitre link : CVE-2017-6650

CVE.ORG link : CVE-2017-6650

JSON object : View

Products Affected

cisco

nexus_5624q
nexus_56128p
nexus_5648q
nexus_5548up
nexus_5672up-16g
nexus_5696q
nexus_5672up
nx-os
nexus_5596up
nexus_5596t

CWE

CWE-20

Improper Input Validation

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

7.8 /10