ID

VAR-201705-3669


CVE

CVE-2017-6650


TITLE

Command injection vulnerability in the Telnet CLI command of Cisco NX-OS System Software running on Cisco Nexus 5000 Series Switches

Trust: 0.8

sources: JVNDB: JVNDB-2017-004243

DESCRIPTION

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb86771. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Cisco Products are prone to a local command-injection vulnerability. Cisco NX-OS System Software is a data center operating system running on it

Trust: 1.98

sources: NVD: CVE-2017-6650 // JVNDB: JVNDB-2017-004243 // BID: 98528 // VULHUB: VHN-114853

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 7.1(2)n1(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.1(3)n1(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.3(0)n1(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.1(3)n1(2)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.1(4)n1(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.2(0)d1(0.437)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.2(1)n1(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.1(3)n1(2.1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.1(3)n1(3.12)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.2(0)n1(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.2(0)zz(99.1)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 7.1(1)n1(1)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 7.1 to 7.3

Trust: 0.8

vendor: cisco, model: san-os software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 50000

Trust: 0.3

vendor: cisco, model: mds nx-os, scope: eq, version: 9000-

sources: BID: 98528 // JVNDB: JVNDB-2017-004243 // CNNVD: CNNVD-201705-899 // NVD: CVE-2017-6650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6650
value: HIGH

Trust: 1.0

NVD: CVE-2017-6650
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201705-899
value: HIGH

Trust: 0.6

VULHUB: VHN-114853
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6650
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114853
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6650
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114853 // JVNDB: JVNDB-2017-004243 // CNNVD: CNNVD-201705-899 // NVD: CVE-2017-6650

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-114853 // JVNDB: JVNDB-2017-004243 // NVD: CVE-2017-6650

THREAT TYPE

local

Trust: 0.9

sources: BID: 98528 // CNNVD: CNNVD-201705-899

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201705-899

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004243

PATCH

title: cisco-sa-20170517-nss1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1

Trust: 0.8

sources: JVNDB: JVNDB-2017-004243

EXTERNAL IDS

db: NVD, id: CVE-2017-6650

Trust: 2.8

db: BID, id: 98528

Trust: 2.0

db: SECTRACK, id: 1038518

Trust: 1.7

db: JVNDB, id: JVNDB-2017-004243

Trust: 0.8

db: CNNVD, id: CNNVD-201705-899

Trust: 0.7

db: VULHUB, id: VHN-114853

Trust: 0.1

sources: VULHUB: VHN-114853 // BID: 98528 // JVNDB: JVNDB-2017-004243 // CNNVD: CNNVD-201705-899 // NVD: CVE-2017-6650

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-nss1

Trust: 2.0

url:http://www.securityfocus.com/bid/98528

Trust: 1.7

url:http://www.securitytracker.com/id/1038518

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6650

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6650

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114853 // BID: 98528 // JVNDB: JVNDB-2017-004243 // CNNVD: CNNVD-201705-899 // NVD: CVE-2017-6650

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98528

SOURCES

db: VULHUB, id: VHN-114853
db: BID, id: 98528
db: JVNDB, id: JVNDB-2017-004243
db: CNNVD, id: CNNVD-201705-899
db: NVD, id: CVE-2017-6650

LAST UPDATE DATE

2024-11-23T22:34:38.078000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114853, date: 2019-10-03T00:00:00
db: BID, id: 98528, date: 2017-05-17T00:00:00
db: JVNDB, id: JVNDB-2017-004243, date: 2017-06-20T00:00:00
db: CNNVD, id: CNNVD-201705-899, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6650, date: 2024-11-21T03:30:13.337

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114853, date: 2017-05-22T00:00:00
db: BID, id: 98528, date: 2017-05-17T00:00:00
db: JVNDB, id: JVNDB-2017-004243, date: 2017-06-20T00:00:00
db: CNNVD, id: CNNVD-201705-899, date: 2017-05-22T00:00:00
db: NVD, id: CVE-2017-6650, date: 2017-05-22T01:29:00.790