Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2017-6649

Published: 22/05/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Cisco

Vulnerability Summary

A vulnerability in the CLI of Cisco NX-OS System Software 7.1 up to and including 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local malicious user to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the malicious user to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco nx-os 7.1\\(1\\)n1\\(1\\)

cisco nx-os 7.2\\(0\\)zz\\(99.1\\)

cisco nx-os 7.1\\(3\\)n1\\(2\\)

cisco nx-os 7.2\\(1\\)n1\\(1\\)

cisco nx-os 7.1\\(3\\)n1\\(1\\)

cisco nx-os 7.1\\(4\\)n1\\(1\\)

cisco nx-os 7.2\\(0\\)n1\\(1\\)

cisco nx-os 7.3\\(0\\)n1\\(1\\)

cisco nx-os 7.1\\(3\\)n1\\(3.12\\)

cisco nx-os 7.2\\(0\\)d1\\(0.437\\)

cisco nx-os 7.1\\(3\\)n1\\(2.1\\)

cisco nx-os 7.1\\(2\\)n1\\(1\\)

Vendor Advisories

Cisco: Cisco Nexus Series Switches CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS System Software running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack The vulnerability is due to insufficient input validation of command arguments An attacker could exploit this vulnerability by injecting crafted command arguments into ...

References

CWE-20CWE-77https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nsshttp://www.securityfocus.com/bid/98531http://www.securitytracker.com/id/1038518https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook