CVE-2017-6650Improper Input Validation in Cisco Nx-os

CWE-20Improper Input ValidationCWE-77Command Injection4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 31.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedMay 22
Latest updateMay 13

Description

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege le

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/nx-os12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-qmjg-x3m2-w2rj: A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 72022-05-13
CVEList
CVE-2017-6650: A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 72017-05-22

📋Vendor Advisories

1
Cisco
Cisco Nexus Series Switches Telnet CLI Command Injection Vulnerability2017-05-17
CVE-2017-6650 — Improper Input Validation in Cisco | cvebase