Описание
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до nw500.2.12 (включая)
cpe:2.3:o:noviflow:noviware:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.07496
Низкий
8.8 High
CVSS3
8 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.
EPSS
Процентиль: 92%
0.07496
Низкий
8.8 High
CVSS3
8 High
CVSS2
Дефекты
CWE-78