CVE-2017-12786
Published: 2017-08-22
Priority: P180, critical, 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 25.26% (97.7th percentile)
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| noviflow | noviware | <= 400.2.6 | — |
Detection & IOCs (extracted from sources)
- Detect stack-based buffer overflow exploitation attempts against NoviWare cliengine/noviengine services via oversized unserialization payloads on exposed network interfaces.
- Look for exploit payloads with a little-endian packed header structure: 4-byte zero, 4-byte length field (len+16), 8-byte zero QWord, followed by 408 repetitions of 0x04000000+'AAAA', indicative of the PoC buffer overflow pattern.
- A service crash followed by a watchdog-triggered restart on NoviSwitch devices may indicate an in-progress exploitation attempt against CVE-2017-12786.
- The vulnerable network interfaces are only exposed when an operator actively attempts to modify ACLs; detection windows are tied to ACL change events.
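CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |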