Vulnerability Name:

CVE-2017-6650 (CCN-126149)

Assigned:2017-05-17
Published:2017-05-17
Updated:2019-10-03
Summary:A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
3.2 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-77
CWE-20
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2017-6650

Source: BID
Type: Third Party Advisory, Vendor Advisory
98528

Source: CCN
Type: BID-98528
Multiple Cisco Products CVE-2017-6650 Local Command Injection Vulnerability

Source: SECTRACK
Type: UNKNOWN
1038518

Source: XF
Type: UNKNOWN
cisco-nss1-cve20176650-cmd-exec(126149)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20170517-nss1
Cisco Nexus 5000 Series Switches Telnet CLI Command Injection Vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:nx-os:7.1(1)n1(1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.1(2)n1(1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.1(3)n1(1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.1(3)n1(2):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.1(3)n1(2.1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.1(3)n1(3.12):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.1(4)n1(1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.2(0)d1(0.437):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.2(0)n1(1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.2(0)zz(99.1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.2(1)n1(1):*:*:*:*:*:*:*
  • OR cpe:/o:cisco:nx-os:7.3(0)n1(1):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:nexus_5548up:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5596t:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5596up:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_56128p:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5624q:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5648q:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5672up:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5696q:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:nx-os:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco nx-os 7.1(1)n1(1)
    cisco nx-os 7.1(2)n1(1)
    cisco nx-os 7.1(3)n1(1)
    cisco nx-os 7.1(3)n1(2)
    cisco nx-os 7.1(3)n1(2.1)
    cisco nx-os 7.1(3)n1(3.12)
    cisco nx-os 7.1(4)n1(1)
    cisco nx-os 7.2(0)d1(0.437)
    cisco nx-os 7.2(0)n1(1)
    cisco nx-os 7.2(0)zz(99.1)
    cisco nx-os 7.2(1)n1(1)
    cisco nx-os 7.3(0)n1(1)
    cisco nexus 5548up -
    cisco nexus 5596t -
    cisco nexus 5596up -
    cisco nexus 56128p -
    cisco nexus 5624q -
    cisco nexus 5648q -
    cisco nexus 5672up -
    cisco nexus 5672up-16g -
    cisco nexus 5696q -
    cisco nx-os *