CVE-2017-6650

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.

Published: May 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-6650
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / nx-os	7.1(1)n1(1)	7.1(1)n1(1).x
cisco / nx-os	7.1(2)n1(1)	7.1(2)n1(1).x
cisco / nx-os	7.1(3)n1(1)	7.1(3)n1(1).x
cisco / nx-os	7.1(3)n1(2)	7.1(3)n1(2).x
cisco / nx-os	7.1(3)n1(2.1)	7.1(3)n1(2.1).x
cisco / nx-os	7.1(3)n1(3.12)	7.1(3)n1(3.12).x
cisco / nx-os	7.1(4)n1(1)	7.1(4)n1(1).x
cisco / nx-os	7.2(0)d1(0.437)	7.2(0)d1(0.437).x
cisco / nx-os	7.2(0)n1(1)	7.2(0)n1(1).x
cisco / nx-os	7.2(0)zz(99.1)	7.2(0)zz(99.1).x
cisco / nx-os	7.2(1)n1(1)	7.2(1)n1(1).x
cisco / nx-os	7.3(0)n1(1)	7.3(0)n1(1).x

Vulnerability Database

289,599

CVE-2017-6650