CVE-2017-6650
HIGHCisco NX-OS 7.1-7.3 - Authenticated Command Injection via Telnet CLI
Title source: llmDescription
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038518
Third Party Advisory, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98528
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1
Scores
CVSS v3
7.8
EPSS
0.0089
EPSS Percentile
54.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-77
Status
published
Products (13)
cisco/nx-os
7.1\(1\)n1\(1\)
cisco/nx-os
7.1\(2\)n1\(1\)
cisco/nx-os
7.1\(3\)n1\(1\)
cisco/nx-os
7.1\(3\)n1\(2\)
cisco/nx-os
7.1\(3\)n1\(2.1\)
cisco/nx-os
7.1\(3\)n1\(3.12\)
cisco/nx-os
7.1\(4\)n1\(1\)
cisco/nx-os
7.2\(0\)d1\(0.437\)
cisco/nx-os
7.2\(0\)n1\(1\)
cisco/nx-os
7.2\(0\)zz\(99.1\)
... and 3 more
Published
May 22, 2017
Tracked Since
Feb 18, 2026