Noviflow Noviware vulnerabilities
4 known vulnerabilities affecting noviflow/noviware.
Total CVEs
4
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1
Vulnerabilities
Page 1 of 1
CVE-2017-12786P1CRITICALCVSS 9.8PoC≤ 400.2.62017-08-22
CVE-2017-12786 [CRITICAL] CWE-119 CVE-2017-12786: Network interfaces of the cliengine and noviengine services, included in the NoviWare software distr
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to g
nvd
CVE-2017-12787P1CRITICALCVSS 9.8PoC≤ 400.2.62017-08-22
CVE-2017-12787 [CRITICAL] CWE-119 CVE-2017-12787: A network interface of the novi_process_manager_daemon service, included in the NoviWare software di
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers t
nvd
CVE-2017-12785P2CRITICALCVSS 9.8PoC≤ 400.2.62017-08-22
CVE-2017-12785 [CRITICAL] CWE-119 CVE-2017-12785: The novish command-line interface, included in the NoviWare software distribution through NW400.2.6
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
nvd
CVE-2020-13122P2HIGHCVSS 8.8≤ nw500.2.122020-08-17
CVE-2020-13122 [HIGH] CWE-78 CVE-2020-13122: The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on N
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.
nvd