CVE-2017-6649

A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:nx-os:7.1\(1\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(2\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(2\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(2.1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(3.12\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.1\(4\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(0\)d1\(0.437\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(0\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(0\)zz\(99.1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.2\(1\)n1\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:7.3\(0\)n1\(1\):*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:30

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/98531 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/98531 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1038518 - () http://www.securitytracker.com/id/1038518 -
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss - Vendor Advisory

Information

Published : 2017-05-22 01:29

Updated : 2024-11-21 03:30


NVD link : CVE-2017-6649

Mitre link : CVE-2017-6649

CVE.ORG link : CVE-2017-6649


JSON object : View

Products Affected

cisco

  • nexus_5672up-16g
  • nexus_56128p
  • nexus_5696q
  • nexus_5672up
  • nx-os
  • nexus_5648q
  • nexus_5624q
  • nexus_5596up
  • nexus_5596t
  • nexus_5548up
CWE
CWE-20

Improper Input Validation

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')