var-201705-3669
Vulnerability from variot
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. Vendors have confirmed this vulnerability Bug ID CSCvb86771 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Cisco Products are prone to a local command-injection vulnerability. Cisco NX-OS System Software is a data center operating system running on it
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3669", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.1\\(3\\)n1\\(2.1\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.2\\(0\\)n1\\(1\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.3\\(0\\)n1\\(1\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.1\\(3\\)n1\\(1\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.2\\(1\\)n1\\(1\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.1\\(3\\)n1\\(2\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.1\\(2\\)n1\\(1\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.1\\(4\\)n1\\(1\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.1\\(3\\)n1\\(3.12\\)", }, { model: "nx-os", scope: "eq", trust: 1.6, vendor: "cisco", version: "7.2\\(0\\)d1\\(0.437\\)", }, { model: "nx-os", scope: "eq", trust: 1, vendor: "cisco", version: "7.2\\(0\\)zz\\(99.1\\)", }, { model: "nx-os", scope: "eq", trust: 1, vendor: "cisco", version: "7.1\\(1\\)n1\\(1\\)", }, { model: "nx-os", scope: "eq", trust: 0.8, vendor: "cisco", version: "7.1 to 7.3", }, { model: "san-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "50000", }, { model: "mds nx-os", scope: "eq", trust: 0.3, vendor: "cisco", version: "9000-", }, ], sources: [ { db: "BID", id: "98528", }, { db: "JVNDB", id: "JVNDB-2017-004243", }, { db: "NVD", id: "CVE-2017-6650", }, { db: "CNNVD", id: "CNNVD-201705-899", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.2\\(0\\)zz\\(99.1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.1\\(3\\)n1\\(3.12\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.2\\(1\\)n1\\(1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.1\\(3\\)n1\\(2.1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.2\\(0\\)n1\\(1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.3\\(0\\)n1\\(1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.1\\(3\\)n1\\(2\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.2\\(0\\)d1\\(0.437\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.1\\(3\\)n1\\(1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.1\\(4\\)n1\\(1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.1\\(2\\)n1\\(1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:7.1\\(1\\)n1\\(1\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-6650", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "98528", }, ], trust: 0.3, }, cve: "CVE-2017-6650", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.6, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-6650", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-114853", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 7.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-6650", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-6650", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201705-899", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-114853", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-114853", }, { db: "JVNDB", id: "JVNDB-2017-004243", }, { db: "NVD", id: "CVE-2017-6650", }, { db: "CNNVD", id: "CNNVD-201705-899", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. Vendors have confirmed this vulnerability Bug ID CSCvb86771 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Cisco Products are prone to a local command-injection vulnerability. Cisco NX-OS System Software is a data center operating system running on it", sources: [ { db: "NVD", id: "CVE-2017-6650", }, { db: "JVNDB", id: "JVNDB-2017-004243", }, { db: "BID", id: "98528", }, { db: "VULHUB", id: "VHN-114853", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-6650", trust: 2.8, }, { db: "BID", id: "98528", trust: 2, }, { db: "SECTRACK", id: "1038518", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2017-004243", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201705-899", trust: 0.7, }, { db: "VULHUB", id: "VHN-114853", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-114853", }, { db: "BID", id: "98528", }, { db: "JVNDB", id: "JVNDB-2017-004243", }, { db: "NVD", id: "CVE-2017-6650", }, { db: "CNNVD", id: "CNNVD-201705-899", }, ], }, id: "VAR-201705-3669", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-114853", }, ], trust: 0.6229129349999999, }, last_update_date: "2023-12-18T12:04:08.442000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20170517-nss1", trust: 0.8, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-nss1", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-004243", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1.9, }, { problemtype: "CWE-20", trust: 1.1, }, ], sources: [ { db: "VULHUB", id: "VHN-114853", }, { db: "JVNDB", id: "JVNDB-2017-004243", }, { db: "NVD", id: "CVE-2017-6650", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-nss1", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/98528", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1038518", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6650", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-6650", }, { trust: 0.3, url: "http://www.cisco.com/", }, ], sources: [ { db: "VULHUB", id: "VHN-114853", }, { db: "BID", id: "98528", }, { db: "JVNDB", id: "JVNDB-2017-004243", }, { db: "NVD", id: "CVE-2017-6650", }, { db: "CNNVD", id: "CNNVD-201705-899", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-114853", }, { db: "BID", id: "98528", }, { db: "JVNDB", id: "JVNDB-2017-004243", }, { db: "NVD", id: "CVE-2017-6650", }, { db: "CNNVD", id: "CNNVD-201705-899", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-22T00:00:00", db: "VULHUB", id: "VHN-114853", }, { date: "2017-05-17T00:00:00", db: "BID", id: "98528", }, { date: "2017-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-004243", }, { date: "2017-05-22T01:29:00.790000", db: "NVD", id: "CVE-2017-6650", }, { date: "2017-05-22T00:00:00", db: "CNNVD", id: "CNNVD-201705-899", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-10-03T00:00:00", db: "VULHUB", id: "VHN-114853", }, { date: "2017-05-17T00:00:00", db: "BID", id: "98528", }, { date: "2017-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2017-004243", }, { date: "2019-10-03T00:03:26.223000", db: "NVD", id: "CVE-2017-6650", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201705-899", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "98528", }, { db: "CNNVD", id: "CNNVD-201705-899", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco Nexus 5000 Runs on a series switch Cisco NX-OS System software Telnet CLI Command injection vulnerability in commands", sources: [ { db: "JVNDB", id: "JVNDB-2017-004243", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-201705-899", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.