CVE-2017-6650: Input Validation
First published: Mon May 22 2017(Updated: )
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | =7.1\(1\)n1\(1\) | |
| Cisco NX-OS | =7.1\(2\)n1\(1\) | |
| Cisco NX-OS | =7.1\(3\)n1\(1\) | |
| Cisco NX-OS | =7.1\(3\)n1\(2\) | |
| Cisco NX-OS | =7.1\(3\)n1\(2.1\) | |
| Cisco NX-OS | =7.1\(3\)n1\(3.12\) | |
| Cisco NX-OS | =7.1\(4\)n1\(1\) | |
| Cisco NX-OS | =7.2\(0\)d1\(0.437\) | |
| Cisco NX-OS | =7.2\(0\)n1\(1\) | |
| Cisco NX-OS | =7.2\(0\)zz\(99.1\) | |
| Cisco NX-OS | =7.2\(1\)n1\(1\) | |
| Cisco NX-OS | =7.3\(0\)n1\(1\) | |
| Cisco Nexus 5548UP Firmware | ||
| Cisco Nexus 5596T Firmware | ||
| Cisco Nexus 5596UP Firmware | ||
| Cisco 56128p | ||
| Cisco Nexus 5624Q Firmware | ||
| Cisco Nexus 5648Q Firmware | ||
| Cisco Nexus 5672UP-16G | ||
| Cisco Nexus 5672UP-16G Firmware | ||
| Cisco Nexus 5696Q Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6650?
CVE-2017-6650 has a high severity rating due to the potential for command injection by authenticated local attackers.
How do I fix CVE-2017-6650?
To fix CVE-2017-6650, update your Cisco NX-OS software to a version that addresses the vulnerability, such as 7.3 or later.
Which Cisco NX-OS versions are affected by CVE-2017-6650?
CVE-2017-6650 affects Cisco NX-OS versions 7.1 through 7.3.
What type of attack does CVE-2017-6650 enable?
CVE-2017-6650 enables authenticated local attackers to perform command injection attacks.
Who is affected by CVE-2017-6650?
Organizations using Cisco Nexus Series Switches running affected versions of Cisco NX-OS are at risk from CVE-2017-6650.
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/7.1\(1\)n1\(1\)
- version/cisco nx-os/7.1\(2\)n1\(1\)
- version/cisco nx-os/7.1\(3\)n1\(1\)
- version/cisco nx-os/7.1\(3\)n1\(2\)
- version/cisco nx-os/7.1\(3\)n1\(2.1\)
- version/cisco nx-os/7.1\(3\)n1\(3.12\)
- version/cisco nx-os/7.1\(4\)n1\(1\)
- version/cisco nx-os/7.2\(0\)d1\(0.437\)
- version/cisco nx-os/7.2\(0\)n1\(1\)
- version/cisco nx-os/7.2\(0\)zz\(99.1\)
- version/cisco nx-os/7.2\(1\)n1\(1\)
- version/cisco nx-os/7.3\(0\)n1\(1\)
- canonical/cisco nexus 5548up firmware
- canonical/cisco nexus 5596t firmware
- canonical/cisco nexus 5596up firmware
- canonical/cisco 56128p
- canonical/cisco nexus 5624q firmware
- canonical/cisco nexus 5648q firmware
- canonical/cisco nexus 5672up-16g
- canonical/cisco nexus 5672up-16g firmware
- canonical/cisco nexus 5696q firmware