Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-6650

Опубликовано: 22 мая 2017
Источник: nvd
CVSS3: 7.8
CVSS2: 4.6
EPSS Низкий

Описание

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:nx-os:7.1\(1\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(2\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(2.1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(3.12\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(4\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(0\)d1\(0.437\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(0\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(0\)zz\(99.1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(1\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.3\(0\)n1\(1\):*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00577
Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

github логотип

GHSA-qmjg-x3m2-w2rj

CVSS3: 7.8
github
больше 3 лет назад

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.

EPSS

Процентиль: 68%
0.00577
Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20
CWE-20