Command Injection Vulnerability in Cisco Nexus Series Switches
CVE-2017-6649
7.8HIGH
What is CVE-2017-6649?
An insufficient input validation vulnerability exists in the CLI of Cisco NX-OS System Software for Nexus Series Switches. This flaw allows an authenticated local attacker to perform a command injection attack by injecting crafted command arguments into CLI commands. Successful exploitation could enable the attacker to read or write arbitrary files according to the user's privilege level, potentially compromising the system's integrity. This vulnerability affects versions 7.1 through 7.3 of the NX-OS software.
Affected Version(s)
Cisco Nexus Series Switches Cisco Nexus Series Switches