CVE-2017-12785

CRITICAL

Noviflow Noviware < 400.2.6 - Memory Corruption

Title source: rule

Description

The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.

Exploits (1)

exploitdb WORKING POC

by François Goichon · textdoshardware

https://www.exploit-db.com/exploits/42518

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42518/

Scores

CVSS v3 9.8

EPSS 0.2412

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

noviflow/noviware < 400.2.6

Published Aug 22, 2017

Tracked Since Feb 18, 2026