CVE-2017-6649: Input Validation
First published: Mon May 22 2017(Updated: )
A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | =7.1\(1\)n1\(1\) | |
| Cisco NX-OS | =7.1\(2\)n1\(1\) | |
| Cisco NX-OS | =7.1\(3\)n1\(1\) | |
| Cisco NX-OS | =7.1\(3\)n1\(2\) | |
| Cisco NX-OS | =7.1\(3\)n1\(2.1\) | |
| Cisco NX-OS | =7.1\(3\)n1\(3.12\) | |
| Cisco NX-OS | =7.1\(4\)n1\(1\) | |
| Cisco NX-OS | =7.2\(0\)d1\(0.437\) | |
| Cisco NX-OS | =7.2\(0\)n1\(1\) | |
| Cisco NX-OS | =7.2\(0\)zz\(99.1\) | |
| Cisco NX-OS | =7.2\(1\)n1\(1\) | |
| Cisco NX-OS | =7.3\(0\)n1\(1\) | |
| Cisco Nexus 5548UP Firmware | ||
| Cisco Nexus 5596T Firmware | ||
| Cisco Nexus 5596UP Firmware | ||
| Cisco 56128p | ||
| Cisco Nexus 5624Q Firmware | ||
| Cisco Nexus 5648Q Firmware | ||
| Cisco Nexus 5672UP-16G | ||
| Cisco Nexus 5672UP-16G Firmware | ||
| Cisco Nexus 5696Q Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6649?
CVE-2017-6649 has a high severity rating due to the potential for command injection attacks on affected Cisco NX-OS versions.
How do I fix CVE-2017-6649?
To address CVE-2017-6649, upgrading to a fixed version of NX-OS that addresses the vulnerability is recommended.
What affected versions are there for CVE-2017-6649?
CVE-2017-6649 affects Cisco NX-OS versions 7.1 through 7.3.
Can unprivileged users exploit CVE-2017-6649?
No, CVE-2017-6649 requires an authenticated, local attacker to exploit the vulnerability.
What types of devices are impacted by CVE-2017-6649?
CVE-2017-6649 impacts Cisco Nexus Series Switches running vulnerable NX-OS versions.
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/7.1\(1\)n1\(1\)
- version/cisco nx-os/7.1\(2\)n1\(1\)
- version/cisco nx-os/7.1\(3\)n1\(1\)
- version/cisco nx-os/7.1\(3\)n1\(2\)
- version/cisco nx-os/7.1\(3\)n1\(2.1\)
- version/cisco nx-os/7.1\(3\)n1\(3.12\)
- version/cisco nx-os/7.1\(4\)n1\(1\)
- version/cisco nx-os/7.2\(0\)d1\(0.437\)
- version/cisco nx-os/7.2\(0\)n1\(1\)
- version/cisco nx-os/7.2\(0\)zz\(99.1\)
- version/cisco nx-os/7.2\(1\)n1\(1\)
- version/cisco nx-os/7.3\(0\)n1\(1\)
- canonical/cisco nexus 5548up firmware
- canonical/cisco nexus 5596t firmware
- canonical/cisco nexus 5596up firmware
- canonical/cisco 56128p
- canonical/cisco nexus 5624q firmware
- canonical/cisco nexus 5648q firmware
- canonical/cisco nexus 5672up-16g
- canonical/cisco nexus 5672up-16g firmware
- canonical/cisco nexus 5696q firmware